Retail | SC Media

Retail

Report: Chinese cyberspies hacked MSP, retailer and law firm in economic espionage campaign

By

The Chinese state-sponsored threat actor APT10 used stolen remote access software credentials to infiltrate the network of Norwegian managed services provider Visma last year, likely in an effort to launch secondary attacks against the MSP’s clients. An investigation into the cyber espionage campaign revealed that APT10, aka Stone Panda, used similar tactics to invade the…

New Magecart group using new tactics hits French ad firm

By

Researchers at Trend Micro and RiskIQ have pulled the curtain away from a new Magecart sub-group that managed to insert card skimmer code into more than 200 companies by using a third-party vendor as an unwitting accomplice. The new malicious team, tagged Magecart Group 12, managed to inject their malware into the JavaScript library of…

Credential stuffing attack focuses on glasses retailer Warby Parker

By

Warby Parker on Thursday disclosed that roughly 198,000 of its customers may have been affected by a credential stuffing attack targeting the eyeglass retail chain. According to a company press release, an unknown cybercriminal actor has been attempting to access Warby Parker customer accounts by leveraging usernames and passwords that were previously stolen from other…

$30 RAT, WinSpy, involved in two phishing campaigns

Dozens of companies impersonated in evolving ‘Three Questions Quiz’ scam

By

There’s no question about it: the “Three Questions Quiz” is a scam, regardless of which legitimate brand it’s attempting to imitate. Indeed, a new blog post from Akamai Technologies identifies 78 unique brands impersonated over the past year by this well-established online phishing scheme, in which victims are tricked into giving away personal information to…

Flowers

Bloom is off the rose: Canadian 1-800-FLOWERS operation discloses four-year breach

By

The Canadian retail operations of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…

Proposed law would outlaw ‘Grinch bots’ that snatch up toys for resale

By

Far beyond Whoville, in the U.S., our nation,The House and the Senate introduced legislation.The bill makes illegal the use of “Grinch bots”To buy up all the toys, disappointing young tots. Okay, enough with the Suessing… On Nov. 16, House Rep. Paul Tonko D, N.Y., submitted H. R. 7160, aka the “Stopping Grinch Bots Act of 2018.”…

Consumers willing to be fleeced for the right Cyber Monday deal

By

The official start of the holiday shopping is here and even though cybersecurity firms are issuing warnings to help protect online shoppers many consumers may ignore safety advice if it stops them from saving money. A variety of scams have already been spotted, with cybercriminals creating fake store websites, launching shopping-related phishing campaigns and running…

Amazon Logo

Amazon website glitch exposes customer data

By

Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on incident are scant, as Amazon’s disclosure was rather vague in details, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…

Next post in Security News