Web Services Security, E-Commerce Security news, articles & updates| SC Media
Skip to navigation Skip to main content

Web Services Security, E-Commerce Security

Cybercrime, Data Breach, Retail, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Malicious actor holds at least 31 stolen SQL databases for ransom

By
Publish Date

A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…

Application Security, Coronavirus, Mobile Security, Privacy & Compliance, Research, Security News, Web Services Security, E-Commerce Security

Device owners demand opt-out power from COVID-19 contact tracing apps

By
Publish Date

To encourage widespread acceptance of Bluetooth-based COVID-19 contact tracing applications, developers should allow consumers to opt out of data sharing at any time, and they should also be more forthcoming about their security efforts and data usage, according to the results of a new survey. For the study, Checkmarx polled 1,500 Americans and found that…

Low unemployment
Coronavirus, Government, Network Security, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Arkansas, Illinois COVID-19 unemployment websites leak data

By
Publish Date

Arkansas and Illinois both reportedly exposed sensitive citizen data after failing to adequately secure web services that the states urgently propped up in order to process applications for the federal Pandemic Unemployment Assistance program. Experts say the hurried pace of setting up these digital services could very well have resulted in glitches and overlooked gaps…

NintendoSwitch
Coronavirus, Retail, Security News, Web Services Security, E-Commerce Security

Resellers reportedly using bots to buy up in-demand Nintendo Switches

By
Publish Date

Consumers sheltering in place at home who were hoping to order a Nintendo Switch to stave off cabin fever during the COVID-19 pandemic have reportedly been thwarted by a newly introduced bot program designed to buy up consoles from e-retailers before ordinary humans can. Dubbed Bird Bot, the open-source tool has been used by buyers…

Coronavirus, Cybercrime, Government, Malware, Phishing, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Open redirect on Dept. of HHS website benefits COVID-19 phishing scam

By
Publish Date

A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP…

MS13-061 was scrapped after Microsoft became aware that installing it causes problems.
Cybercrime, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Report: Account takeover and data scraping attacks on e-retailers up as COVID-19 surges

By
Publish Date

Masses of global citizens have been retreating to their homes and relying on online services to stock up their domiciles during the coronavirus pandemic, and it could be having an influence on cyberattacks against websites. Researchers at application protection company PerimeterX have reported a two-month increase in account takeover attacks against online home goods retailers,…

Cybercrime, Malware, Retail, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Report: NutriBullet’s website injected with skimmer three times by Magecart Group 8

By
Publish Date

Since February, a prominent Magecart cybercriminal group has injected the same Java-based payment card skimmer program not one, not two, but three times into the compromised international website of blender manufacturer NutriBullet, researchers from RiskIQ have reported. Each time a skimmer was removed from nutribullet.com, the criminal actors, known as Magecart Group 8, would reintroduce…

Coronavirus, Malware, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

COVID-19 decoy doc, Cloudflare service used to spread ‘BlackWater’ malware

By
Publish Date

Researchers have uncovered a new malware campaign that uses the COVID-19 pandemic as a lure, and also abuses platform-as-a-service web infrastructure tools to apparently thwart attempts at blocking command-and-control communications. Dubbed BlackWater, the backdoor malware specifically takes advantage of Cloudflare Workers — an offering of Cloudflare, a popular provider of website operators with content delivery…

Malware, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Don’t install that security certificate; it’s a malware scam

By
Publish Date

Cybercriminals have been compromising websites to display a fake security certificate error message in hopes of tricking visitors into downloading the Mokes backdoor or the Buerak downloader. Researchers from Kaspersky who discovered the scam said in a blog post that the ruse is a new twist on the old technique of hacking a website so…

Botnet2
Cybercrime, Security News, Web Services Security, E-Commerce Security, Website/Web Server Security

Report: Extortionists threaten websites with AdSense ban caused by bot traffic

By
Publish Date

A new email-based extortion campaign is reportedly threatening to flood websites with bot-generated fake traffic so that Google’s anti-fraud mechanisms block their AdSense advertising service accounts. According to security researcher Brian Krebs, the extortionists are telling email recipients that they will soon see a message from Google warning them that the number of ads they…

Next post in Cybercrime