At InfoSec World 2020 on Tuesday, a pair of risk officers from Party City offered an inside glimpse into how the $2.1 billion specialty retailer pulled off its first-ever top-down enterprise-wide IT risk assessment. Among the chief success factors they cited were: executive buy-in, the collaboration of skilled partners, assuring adequate resources, well-planned project scoping,…
International retailer Claire’s, whose fashion accessories are popular with tweens and teenagers, was hit with a Magecart scheme that skimmed PPI, including credit card data, for nearly two months. Discovered by researchers at security firm Sansec, the malware injection began on April 20 and stopped on June 13. The skimming began on March 20, the…
A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…
Malicious actors set up an entire online repository of malicious, credit card skimmer-laden favicons to lure in companies looking for a graphic to appear their browser tab. Favicons are a branding graphic, also known as a shortcut icon, website icon, tab icon, URL icon or bookmark icon. And while they are normally benign, a cybergang…
Consumers sheltering in place at home who were hoping to order a Nintendo Switch to stave off cabin fever during the COVID-19 pandemic have reportedly been thwarted by a newly introduced bot program designed to buy up consoles from e-retailers before ordinary humans can. Dubbed Bird Bot, the open-source tool has been used by buyers…
Credit card swipers are more often than not found inside online and brick and mortar retail point of sale systems, but a newer version has been targeting WordPress sites that use the WooCommerce plugin. WordPress sites using WooCommerce have been attacked before, but not with card swipers. Instead attackers focused on redirecting payments from the…
Cybercriminals tend to follow the money so with retail shopping dramatically shifting to the web due to the COVID-19 shutdown of brick and mortar retailers, researchers are seeing an increased use in online payment card skimming malware. Malwarebytes has tracked a 26 percent increase in the number of such skimmers in use in March 2020…
Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites. Researchers at application protection company PerimeterX have reported a two-month increase in account takeover attacks against online home goods retailers,…
Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported. Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce…
The ticket reselling sites olympictickets2020.com and eurotickets2020.com reportedly have been compromised with Magecart POS skimming malware. Magecart was first spotted on the two sites , which deal in tickets for the upcoming 2020 Tokyo Olympics EUFA Euro 2020, and were detailed In late January by researchers Jacob Pimental and Max Kersten and RiskIQ took the…
