The online food ordering and delivery service EatStreet informed its customers and partners that it suffered a data breach exposing a variety of personal data including payment card information. According to the California State Attorney General’s office, EatStreet sent letters to its diners, delivery and restaurant partners. In each letter the company noted that it…
Just over 100 Checkers and Rally’s fast food joints and their customers were victimized by a long-running point-of-sale malware campaign that stole payment card information from purchases taking place as far back as December 2015, Checkers Drive-In Restaurants announced in an online breach notification yesterday. The Tampa, Florida-based drive-thru chain said that approximately 15 percent…
The publisher Forbes appears to be the most recent victim of malicious actors pushing Magecart POS skimming malware. Security researcher Troy Mursch, of Bad Packets Reports, set off the alarm on Twitter indicating Forbes magazine subscription website had been infected and was removing credit card data, Tripwire reported. As with other Magecart cases, the malware…
Credential stuffing has been around since 2014 enticing cybercriminals with a hefty return on investment and usage has increased of late as even more payment account credentials are stolen and sold on the dark web. Recorded Future just issued a report that looks at the economic environment surrounding credential stuffing and some of the tools…
Cybercriminals using Magecart card-skimming code attacked the online store of the NBA’s Atlanta Hawks, stealing customers names, addresses and payment card numbers. The Sanguine Labs team at Sanguine Security identified the offending code on the store’s checkout page on Saturday April 20, according to a post on the security company’s website. But research from RiskIQ…
Fitness retailer Bodybuilding.com last Friday disclosed that an unauthorized party used a phishing scam to gain access to systems containing its customer data. According to an FAQ page posted on its website, the Boise, Idaho-based retailer discovered the breach incident in February 2019, roughly seven months after the phishing email was received in July 2018.…
Office Depot and Support.com will pay $35 million to settle a legal action brought by the Federal Trade Commission (FTC) that alleged that alleged the two companies tricked customers into buying repair and technical services by saying malware was found on their computer. Office Depot is responsible for paying $25 million and Support.com $10 million…
Even after several alleged members were arrested last year, FIN7 continues to show signs of life, as evidenced by the recent discovery of an administration panel tool called “Astra” and two new malware samples used in campaigns by the cybercriminal group in 2018. Researchers from Flashpoint who uncovered the threat observed Astra-related activity from May…
The EU Payment Services Directive (PSD2) will revolutionize consumer authentication. Passwords have been dying a slow death for a while, but PSD2 is likely going to deal the final death blow. Can we all say, “hip hip hooray?” For those who feel that this is just an issue for the European market, think again. The…
Researchers in the last 48 hours have released a trio of reports, each of which details a newly discovered point-of-sale (POS) malware program that skims or scrapes payment card information from e-commerce websites or in-store checkout terminals. At least two of these three new threats, GMO and DMSniff, have already been observed actively attacking enterprises,…
