Retail

Retail

Bed Bath & Beyond declares data incident

Home goods retailer Bed Bath & Beyond yesterday disclosed in a Securities & Exchange Commission 8-K filing that an unauthorized third party illegally accessed one percent of its online customers’ accounts. The online intruder acquired the account emails and passwords from a “source outside the company’s systems,” the Union Township, N.J. retailer reported. Based on…

DDoS attackers claim to be Russian APT group, demand ransom

A group of extortionists claiming to be the Russian APT group Fancy Bear launched a ransom denial of service (RDoS) campaign against numerous industry sectors earlier this month, demanding a payment of 2 Bitcoin to stop bombarding victims with amplified traffic. In all likelihood, the attackers are not truly members of a Russian intelligence agency’s…

Fraudsters boldly entered the store to plant skimming devices.

Skimming malware found on American Cancer Society’s online store

One Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society’s online store with skimming malware. Sanguine Security found the malware on www.shop.cancer.org/ hiding behind the GoogleTagManager code. The store sells t-shirts emblazoned with the organization’s logo. “It searches for “’checkout’ (Y2hlY2tvdXQ=) and…

Phishing scam targets users of Stripe payment processing service

Cybercriminals have devised a phishing campaign that that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data. The attackers employ two clever tricks to hide their malicious activity. First, they use a technique to block email…

Magecart attack on e-commerce service impacts Sesame Street store and many more

Magecart hackers found out how to get to Sesame Street’s online store – and in all likelihood thousands more merchants – by initially compromising e-commerce and shopping cart service provider Volusion to deliver the credit card-skimming code. Israel-based security researcher Marcel Afrahim, who for his day job works as a research developer at Check Point…

Magecart card-skimming group targets L7 routers used by high-traffic locales

A prominent Magecart cybercriminal group appears to be testing card-skimming code capable of compromising commercial-grade layer 7 (L7) routers used by airports, casinos, hotels and resorts, researchers are reporting. The threat actor, deemed Magecart Group 5 or MG5, has seemingly also experimented with injecting code into a popular open-source mobile app code. Such an attack…

hotel

Hotel websites infected with skimmer via supply chain attack

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out…

robots2_1213384

Bad bot, bad bot whatcha gonna do…damage e-commerce sites

Bad bots hitting an organization’s website are a very common occurrence, but a new report shows e-commerce sites are bearing the brunt of and being negatively impacted by this invasive activity. Bad bots comprise 17.7 percent of all e-commerce site traffic, compared to 13.1 percent for good bots and the 69.2 percent generated by human…

Automakers pen 'privacy principles' for in-car technology

Misconfigured database exposes 198M records on prospective auto buyers

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity…

Software automates fake purchases on compromised credit cards

Two Deer Valley Resort restaurants hit with POS data breach

The Mariposa and the Royal Street Café in Deer Valley, Colo., are informing customers that their payment card information may have been compromised after an unauthorized party hacked the point-of-sale system of a resort operator that runs both restaurants. The two Deer Valley Resort restaurants discovered on May 17 that an unauthorized person had gained…

Next post in Retail