Credit Card | SC Media

Credit Card

EatStreet data breach affecting diners, restaurants and delivery firms

The online food ordering and delivery service EatStreet informed its customers and partners that it suffered a data breach exposing a variety of personal data including payment card information. According to the California State Attorney General’s office, EatStreet sent letters to its diners, delivery and restaurant partners. In each letter the company noted that it…

Magecart POS skimmer adds iframe injection technique

A new online POS skimmer used by one of the Magecart groups has been spotted injecting an iframe into retailer websites that asks for payment card information. Malwarebytes came across the new technique being used on a Magento powered e-commerce platform. Unlike other skimming methods, which search for the active payment form on the page…

Magecart POS malware found on Forbes subscription page

The publisher Forbes appears to be the most recent victim of malicious actors pushing Magecart POS skimming malware. Security researcher Troy Mursch, of Bad Packets Reports, set off the alarm on Twitter indicating Forbes magazine subscription website had been infected and was removing credit card data, Tripwire reported. As with other Magecart cases, the malware…

Credential stuffing: Bigger and badder than ever

Credential stuffing has been around since 2014 enticing cybercriminals with a hefty return on investment and usage has increased of late as even more payment account credentials are stolen and sold on the dark web. Recorded Future just issued a report that looks at the economic environment surrounding credential stuffing and some of the tools…

Chipotle

Chipotle customers stewing over payment card hack

Chipotle is receiving some negative customer reviews, but not over its food. Instead, some customers are saying on Twitter and Reddit that their payment card information has been hacked and is being used to make fraudulent purchases at the Mexican food chain. Chipotle denies a breach has taken place, although company officials did admit to…

NetflixRat

Amex, Netflix customers targeted in phishing campaign

Windows Defender Security Intelligence’s Office 365 Threat Research team has uncovered a phishing campaign targeting Netflix and American Express that attempt to steal payment card information. The campaign was detected on the weekend of March 16 and is still active, according to the Windows Defender Security Intelligence Twitter feed. In each case the phishing emails…

Fin6 using FrameworkPOS scraping malware in POS attacks

The threat group Fin6 has been connected to a string of point-of-sale attacks against VMWare Horizon thin clients. The security firm Morphisec Labs reported the attacks have been taking place for eight to 10 weeks with a particular spike on Feb. 6 that saw numerous attempted downloads of the Cobalt Strike backdoor. Morphisec has tentatively connected…

Ransomware out, formjacking in as primary attack vectors

Quick and easy attack methods like formjacking gained popularity among cybercriminals last year, while more tried and true approaches like ransomware fell to the wayside in 2018, according to a new report. The reasoning behind this switch, according to Symantec’s just-released Internet Security Threat Report, is quite straight-forward. Formjacking, which entails placing malware on a…

Dunn Brothers Coffee, Holiday Inn among those exposed by third-party payment card vendor breach

A company that handles payment operations for a large number of hotels and food establishments, including Holiday Inn, Dunn Brothers Coffee and Zipps Sports Grill, is informing its customers of a data breach that may have compromised consumer’s payment card information. North Country Business Products, of Bemidji, Minn., learned on January 4, 2019 of suspicious…

Next post in Data Breach