Rampant data sharing suggests website managers lack control, visibility
Website managers need better insight into their third-party app partners’ default settings and access rights, experts say.
About SC Media
Retail
Skimmers hide in social media buttons and CSS files, but the next big threat lies with the server
Happy shopping: Beyond standard skimming techniques that focus on the client-side, attackers are increasingly focusing on back-end applications.
Home Depot settles with state AGs for 2014 point-of-sale hack
The Home Depot breach was, at the time, the largest reported breach in history, capturing 56 million credit cards.
B&N cyberattack calls into question the retailer’s network segmentation practices
An apparent ransomware infection at Barnes & Noble, which spread from the retailer’s corporate systems to its stores, has led to speculation over whether a lack of business segmentation could have assisted the malware’s propagation.
Party City celebrates IT risk assessment program; reveals keys to success
At InfoSec World 2020 on Tuesday, a pair of risk officers from Party City offered an inside glimpse into how the $2.1 billion specialty retailer pulled off its first-ever top-down enterprise-wide IT risk assessment. Among the chief success factors they cited were: executive buy-in, the collaboration of skilled partners, assuring adequate resources, well-planned project scoping,…
Cybercrime, Data Breach, Privacy & Compliance, Retail, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security
Magecart skimmed from Claires.com for nearly two months
International retailer Claire’s, whose fashion accessories are popular with tweens and teenagers, was hit with a Magecart scheme that skimmed PPI, including credit card data, for nearly two months. Discovered by researchers at security firm Sansec, the malware injection began on April 20 and stopped on June 13. The skimming began on March 20, the…
Cybercrime, Data Breach, Retail, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security
Malicious actor holds at least 31 stolen SQL databases for ransom
A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…
Favicons found housing credit card skimming malware
Malicious actors set up an entire online repository of malicious, credit card skimmer-laden favicons to lure in companies looking for a graphic to appear their browser tab. Favicons are a branding graphic, also known as a shortcut icon, website icon, tab icon, URL icon or bookmark icon. And while they are normally benign, a cybergang…
Resellers reportedly using bots to buy up in-demand Nintendo Switches
Consumers sheltering in place at home who were hoping to order a Nintendo Switch to stave off cabin fever during the COVID-19 pandemic have reportedly been thwarted by a newly introduced bot program designed to buy up consoles from e-retailers before ordinary humans can. Dubbed Bird Bot, the open-source tool has been used by buyers…
WordPress WooCommerce sites targeted by credit card skimmers
Credit card swipers are more often than not found inside online and brick and mortar retail point of sale systems, but a newer version has been targeting WordPress sites that use the WooCommerce plugin. WordPress sites using WooCommerce have been attacked before, but not with card swipers. Instead attackers focused on redirecting payments from the…
Next post in Cybercrime
