The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients. An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the…
Researchers at Trend Micro and RiskIQ have pulled the curtain away from a new Magecart sub-group that managed to insert card skimmer code into more than 200 companies by using a third-party vendor as an unwitting accomplice. The new malicious team, tagged Magecart Group 12, managed to inject their malware into the JavaScript library of…
Neiman Marcus settled a class action lawsuit for $1.5 million that was brought after the department store suffered a data breach in 2014. The settlement was reached with the attorney generals in 43 states and the District of Columbia where the victims resided. The point-of-sale breach took place in 2013, but was not noticed by…
Warby Parker on Thursday disclosed that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain. According to a company press release, an unknown cybercriminal actor has been attempting to access Warby Parker customer accounts by leveraging usernames and passwords that were previously stolen from other…
There’s no question about it: the “Three Questions Quiz” is a scam, regardless of which legitimate brand it’s attempting to imitate. Indeed, a new blog post from Akamai Technologies identifies 78 unique brands impersonated over the past year by this well-established online phishing scheme, in which victims are tricked into giving away personal information to…
The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…
Dell customers who wondered why they had to reset their passwords earlier this month learned today that action was taken due to a data breach, a fact it took the company several weeks to disclose. The computer maker reported today that it detected and disrupted unauthorized activity on Dell.com on Nov. 9, during time which…
Far beyond Whoville, in the U.S., our nation,The House and the Senate introduced legislation.The bill makes illegal the use of “Grinch bots”To buy up all the toys, disappointing young tots. Okay, enough with the Suessing… On Nov. 16, House Rep. Paul Tonko D, N.Y., submitted H. R. 7160, aka the “Stopping Grinch Bots Act of 2018.”…
The official start of the holiday shopping is here and even though cybersecurity firms are issuing warnings to help protect online shoppers many consumers may ignore safety advice if it stops them from saving money. A variety of scams have already been spotted, with cybercriminals creating fake store websites, launching shopping-related phishing campaigns and running…
Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on incident are scant, as Amazon’s disclosure was rather vague in details, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…
