Retail | SC Media

Retail

Hy-Vee supermarkets report POS cyber incident

The Midwestern supermarket chain Hy-Vee has issued a warning that the payment card system was breached at several of its locations and services. The 245-store chain said in an August 14 statement that there was an undefined security incident with the payment processing systems that handled transactions at some Hy-Vee fuel pumps, drive-thru coffee shops,…

Sephora reports data breach, but few details

High-end beauty product supply retailer Sephora is reporting a data breach affecting its customers in the South Pacific and Southeast Asia. The chain sent an email to its online customers on July 29 detailing the incident. At this time the company does not believe any credit card information was involved nor that any of the…


Amazon Prime Day cybersecurity preparations

Cybercriminals are never hesitant to try and take advantage of a big event and Amazon Prime Day is no exception. With every interaction being made online during the 48-hour sale starting on July 15, infosecurity experts are putting out warnings on how to avoid being scammed. “The increased internet traffic to a specific site with…

Magecart group compromises 17,000 domains by overwriting Amazon S3 buckets

One of the “Magecart” cybercriminal groups has infected more than 17,000 web domains with JavaScript-based payment card-skimming code by developing an automated process for finding and compromising misconfigured Amazon S3 buckets, researchers have reported. “These actors automatically scan for buckets which are misconfigured to allow anyone to view and edit the files it contains,” writes…

Automated Magecart campaign infects 962 online stores

A July 4 Magecart card-skimming attack successfully infiltrated 962 online stores in what researchers are calling the largest 24-hour automated Magecart campaign to date. Researchers from Sanguine Security Labs who detected the attack reported it via Twitter, and uploaded the JavaScript-based skimmer code to GitHub. Sanguine Security researcher Willem de Groot told BleepingComputer that the campaign…

Inconvenience stores: Thieves steal $500K from users of 7-Eleven Japan’s new payment app

Convenience chain 7-Eleven Japan has suspended a brand new mobile cashless payment service after an unauthorized third party accessed approximately 900 user accounts and made fraudulent charges totaling 55 million yen, or roughly $500,000. The service, 7pay, reportedly had only been launched three days earlier, and allows participating customers to automatically charge purchased goods…

EatStreet data breach affecting diners, restaurants and delivery firms

The online food ordering and delivery service EatStreet informed its customers and partners that it suffered a data breach exposing a variety of personal data including payment card information. According to the California State Attorney General’s office, EatStreet sent letters to its diners, delivery and restaurant partners. In each letter the company noted that it…

POS malware swipes payment info from Checkers and Rally’s restaurants

Just over 100 Checkers and Rally’s fast food joints and their customers were victimized by a long-running point-of-sale malware campaign that stole payment card information from purchases taking place as far back as December 2015, Checkers Drive-In Restaurants announced in an online breach notification yesterday. The Tampa, Florida-based drive-thru chain said that approximately 15 percent…

Magecart POS malware found on Forbes subscription page

The publisher Forbes appears to be the most recent victim of malicious actors pushing Magecart POS skimming malware. Security researcher Troy Mursch, of Bad Packets Reports, set off the alarm on Twitter, indicating that the Forbes magazine subscription website had been infected and was removing credit card data, Tripwire reported. As with other Magecart cases, the malware…

Credential stuffing: Bigger and badder than ever

Credential stuffing has been around since 2014, enticing cybercriminals with a hefty return on investment, and usage has increased of late as even more payment account credentials are stolen and sold on the dark web. Recorded Future just issued a report that looks at the economic environment surrounding credential stuffing and some of the tools…
