Retail | SC Media


Tech Support Scam

Office Depot, to pay $35M in restitution over tech scam


Office Depot and will pay $35 million to settle a legal action brought by the Federal Trade Commission (FTC) that alleged that alleged the two companies tricked customers into buying repair and technical services by saying malware was found on their computer. Office Depot is responsible for paying $25 million and $10 million…

Despite arrests, FIN7 launched 2018 attack campaigns featuring new malware


Even after several alleged members were arrested last year, FIN7 continues to show signs of life, as evidenced by the recent discovery of an administration panel tool called “Astra” and two new malware samples used in campaigns by the cybercriminal group in 2018. Researchers from Flashpoint who uncovered the threat observed Astra-related activity from May…

Will PSD2 Finally Kill The Password?

The EU Payment Services Directive (PSD2) will revolutionize consumer authentication. Passwords have been dying a slow death for a while, but PSD2 is likely going to deal the final death blow. Can we all say, “hip hip hooray?” For those who feel that this is just an issue for the European market, think again. The…

Researchers catch whiff of previously unknown POS sniffers and scrapers


Researchers in the last 48 hours have released a trio of reports, each of which details a newly discovered point-of-sale (POS) malware program that skims or scrapes payment card information from e-commerce websites or in-store checkout terminals. At least two of these three new threats, GMO and DMSniff, have already been observed actively attacking enterprises,…

Fin6 using FrameworkPOS scraping malware in POS attacks


The threat group Fin6 has been connected to a string of point-of-sale attacks against VMWare Horizon thin clients. The security firm Morphisec Labs reported the attacks have been taking place for eight to 10 weeks with a particular spike on Feb. 6 that saw numerous attempted downloads of the Cobalt Strike backdoor. Morphisec has tentatively connected…

Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign


The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients. An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the…

New Magecart group using new tactics hits French ad firm


Researchers at Trend Micro and RiskIQ have pulled the curtain away from a new Magecart sub-group that managed to insert card skimmer code into more than 200 companies by using a third-party vendor as an unwitting accomplice. The new malicious team, tagged Magecart Group 12, managed to inject their malware into the JavaScript library of…

Credential stuffing attack focuses on glasses retailer Warby Parker


Warby Parker on Thursday disclosed that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain. According to a company press release, an unknown cybercriminal actor has been attempting to access Warby Parker customer accounts by leveraging usernames and passwords that were previously stolen from other…

Next post in Security News