Web Security | SC Media

Enslaved WordPress sites attack sister-sites in botnet attack

Threat actors have created a botnet army using 20,000 infected WordPress sites that is, in turn, assaulting other WordPress websites using dictionary-style brute force attacks in an attempt to gain access. This information was revealed by Wordfence, a WordPress security plugin supplier, yesterday. Wordfence said its plugin has tracked and stopped more…

Bloom is off the rose: Canadian 1-800-FLOWERS operation discloses four-year breach

The Canadian retail operation of 1-800-FLOWERS has disclosed a four-year data breach affecting customers who purchased goods on its website, warning that payment card data was exposed. The company 1873349 Ontario, Inc., which owns www.1800Flowers.ca, acknowledged the incident in a breach notification to impacted consumers, which was filed with the California attorney general’s office on Nov. 30.…

FBI swats down massive, botnet-fueled ad fraud operation

With a heavy assist from private-sector cybersecurity and tech organizations, the FBI has dismantled a highly complex fraud network responsible for generating billions upon billions of fake online ad placements. In conjunction with the takedown, the U.S. Department of Justice yesterday announced a 13-count indictment filed against eight individuals, each a resident of either Russia,…

Proposed law would outlaw ‘Grinch bots’ that snatch up toys for resale

Far beyond Whoville, in the U.S., our nation, The House and the Senate introduced legislation. The bill makes illegal the use of “Grinch bots” To buy up all the toys, disappointing young tots. Okay, enough with the Seussing… On Nov. 16, House Rep. Paul Tonko, D-N.Y., submitted H. R. 7160, aka the “Stopping Grinch Bots Act of 2018.”…

Amazon website glitch exposes customer data

Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on the incident are scant, as Amazon’s disclosure was rather vague, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…

Make-A-Wish website compromised for cryptomining campaign

Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website. Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any…

The many faces of Magecart: Report profiles groups behind card-skimming threat

Magecart, the e-commerce payment card-skimming threat that has recently victimized Ticketmaster, British Airways, Newegg and other notable companies, is primarily comprised of six major active cybercriminal groups, according to a new joint research report. All of these groups use a version of the same skimmer toolset, but they rely on different strategies and in some cases have…

Attackers exploit GDPR compliance plug-in for WordPress

A WordPress plug-in that’s supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites. Known as the WP GDPR Compliance plug-in, the software module helps ensure compliance with Europe’s General Data Protection Regulation by providing tools through which site visitors can permit use of their…

StatCounter platform compromised to infect gate.io exchange with bitcoin-stealing code

A malicious actor compromised the platform of leading web analytics firm StatCounter in a supply chain attack that targeted the cryptocurrency exchange gate.io with a bitcoin-stealing script. Outside of gate.io, none of the other two million-plus websites using StatCounter’s metrics services appear to have been affected by the malicious JavaScript, even if they downloaded it. That’s because the…

Facebook users’ data, private messages found up for sale online

Facebook is reportedly suggesting that malicious browser extensions may be behind yet another data breach affecting users of the social media platform – this one involving at least 257,256 stolen profiles, including 81,208 that included private messages. Journalists from the BBC, aided by researchers from Digital Shadows, began investigating the matter last September after seeing the accounts…
