Retail | SC Media

Retail

Magecart attack on e-commerce service impacts Sesame Street store and many more

Magecart hackers found out how to get to Sesame Street’s online store – and in all likelihood thousands more merchants – by initially compromising e-commerce and shopping cart service provider Volusion to deliver the credit card-skimming code. Israel-based security researcher Marcel Afrahim, who for his day job works as a research developer at Check Point…

Estonian hacker sentenced

Hy-Vee details 2019 POS data breach incident

Mid-Western supermarket chain Hy-Vee issued an update regarding the POS data breach it reported in August, including when it happened on the locations involved. Hy-Vee said in an October 3 release that unauthorized access was detected on July 29, 2019 and focused on Hy-Vee fuel pumps, drive-thru coffee shops, and restaurants at Hy-Vee Market Grilles,…

Evidence tying Cobalt Group to Magecart Group 4 unveiled

The security firms Malwarebytes and HYAS have strung together several pieces of evidence that they believe tie Magecart Group 4 to the Cobalt Group. The two companies found that the Cobalt Group and Magecart Group 4 have several overarching similarities, such as the use of advanced techniques during their attacks and a history with banking…

Magecart card-skimming group targets L7 routers used by high-traffic locales

A prominent Magecart cybercriminal group appears to be testing card-skimming code capable of compromising commercial-grade layer 7 (L7) routers used by airports, casinos, hotels and resorts, researchers are reporting. The threat actor, deemed Magecart Group 5 or MG5, has seemingly also experimented with injecting code into a popular open-source mobile app code. Such an attack…

hotel

Hotel websites infected with skimmer via supply chain attack

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out…

Automakers pen 'privacy principles' for in-car technology

Misconfigured database exposes 198M records on prospective auto buyers

Dealer Leads, LLC, a digital marketing company for car dealerships, was discovered last month to have exposed an Elastic database that contained 198 million records on prospective automotive buyers. Publicly accessible information included the plain-text names, email addresses, phone numbers, home addresses and IP addresses of visitors to numerous websites affiliated with Dealer Leads, cybersecurity…

Hy-Vee supermarkets report POS cyber incident

The Mid-Western supermarket chain Hy-Vee has issued a warning that the payment card system was breached at several of its locations and services. The 245-store chain said in an August 14 statement that there was an undefined security incident with the payment processing systems that handled transactions at some Hy-Vee fuel pumps, drive-thru coffee shops,…

Sephora reports data breach, but few details

High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The chain sent an email to its online customers on July 29 detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the…

Amazon, prime day, phishing, credit card, retail

Amazon Prime Day cybersecurity preparations

Cybercriminals are never hesitant to try and take advantage of a big event and Amazon Prime Day is no exception. With every interaction being made online during the 48-hour sale starting on July 15, infosecurity experts are putting out warnings on how to avoid being scammed. “The increased internet traffic to a specific site with…

Next post in Cybercrime