Data: E-Retail Hacks More Lucrative Than Ever

Krebs on Security

Traditionally, the average price for card data nabbed from online retailers — referred to in the underground as “CVVs” — has ranged somewhere between $2 and $8 per account.

Holiday Shoppers Beware: 100K Malicious Sites Found Posing as Well-Known Retailers

Threatpost

The copycat sites are using valid certificates to be more convincing.

Retail Fraud Spikes Ahead of the Holidays

Dark Reading

Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles

Phishing Tactic Hides Tracks with Custom Fonts

Threatpost

The phishing campaign is using a new technique to hide the source code of its landing page - and stealing credentials from customers of a major U.S.-based bank.

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

FIFA caught hook, line and sinker in phishing attack

IT Governance

Football world-governing body FIFA has admitted that its systems suffered a sustained phishing hack earlier this year. It is believed that the breach was caused by an employee falling for a phishing scam.

How data breaches are affecting the retail industry

IT Governance

Only time will tell – and we may not have to wait long – but in the meantime, what is the impact of data breaches in the retail industry, and what needs to be done to mitigate them? Despite the prospect of fines and other penalties, many retailers are still not PCI-compliant.

Catches of the month: Phishing scams for September 2019

IT Governance

We’re back for another round-up of phishing scams that caught our eye over the past month. This series provides real-life examples of phishing emails, helping you understand how they work and what you should do to avoid falling victim.

Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

Security Affairs

LightInTheBox is a Chinese online retailer trading on the New York Stock Exchange; most of its customers are in North America and Europe. vpnMentor researchers pointed out that the security measures implemented by the retailer were insufficient.

Catches of the month: Phishing scams for December 2019

IT Governance

Want to stay up to date on phishing scams? These attacks begin with a spear phishing attack sent to someone in the organisation who handles payments. See also: Phishing scams for November 2019. Phishing scams for October 2019. Phishing scams for September 2019.

The Countdown to Black Friday Has Begun. Are Retailers and Consumers Ready?

Thales eSecurity

So before the shopping frenzy begins, we thought this would be an opportune time to outline some best practices that both retailers and consumers should follow in order to protect consumer data. As convenience technologies evolve, look for more risks to consumers and retailers.

Amazon’s data breach email looks like a phishing scam

IT Governance

An unknown number of Amazon customers reported yesterday and today that they had received an email from the online retail giant (see below). To many, the email looks to be a phishing scam of some sort. It appears that Amazon had a bit of a problem – and it very nearly went unnoticed.

Radisson Rewards programme breached

IT Governance

TA505 Abusing Legit Remote Admin Tool in String of Attacks

Dark Reading

Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign

Shopping safely over Black Friday and Cyber Monday

IT Governance

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, retailers offering both a physical and digital presence stand to gain the most, as the omnichannel approach is favoured by 69% of UK-based survey respondents.

PCI SSC warns organisations about growing threat of online skimming

IT Governance

The alert, issued in partnership with the Retail & Hospitality ISAC (information sharing and analysis centre), highlights a recent increase in malware attacks targeting e-commerce websites to gain payment card data.

Experts report a rampant growth in the number of malicious, lookalike domains

Security Affairs

Cyber security firm Venafi announced it has uncovered lookalike domains with valid TLS certificates that appear to target major retailers. The number has doubled compared to last year; the study revealed that fewer than 19,890 certificates have been issued for legitimate retail domains.

Bristol Airport systems offline in suspected ransomware attack

IT Governance

Our ten-minute Phishing and Ransomware – Human patch e-learning course allows you to educate your staff quickly and cost-effectively. Another day, another cyber attack. This time it’s Bristol Airport.

Butlin’s Hacked – 34,000 customers affected

IT Governance

A spokesperson confirmed that the compromise had taken place over the past 72 hours and was caused by a phishing email. Butlin’s has suffered a data breach that has affected up to 34,000 of its customers. In a notice posted on its website, Butlin’s managing director, Dermot King, said: “We would like to assure all our guests that your payment details are secure and have not been compromised. Your Butlin’s usernames and passwords are also secure.”

E-learning: the effective way to train your team

IT Governance

It is widely acknowledged that the retail and hospitality industries experience high staff turnover: frontline roles are often filled by temporary, young or part-time staff, the hours can be long and unsociable and the work can be physically demanding.

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

A screen shot of the Wipro phishing site securemail.wipro.com.internal-message[.]app. According to records maintained by Farsight Security, that address is home to a number of other likely phishing domains: securemail.pcm.com.internal-message[.]app.

Getting #BreachReady: prepare for the worst, hope for the best

IT Governance

With human error posing one of the biggest security risks, it’s all too easy to accidentally click a link in a well-constructed phishing email.

Ransomware at IT Services Provider Synoptek

Krebs on Security

based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

Parasite HTTP RAT implements a broad range of protections and evasion mechanisms

Security Affairs

The malware was involved in a small email campaign targeting organizations primarily in the information technology, healthcare, and retail industries. The phishing emails used weaponized Microsoft Word attachments with macros that act as a downloader for the RAT.

How Not to Acknowledge a Data Breach

Krebs on Security

Six hours after my story ran saying Wipro was in the throes of responding to a breach, the company was quoted in an Indian daily newspaper acknowledging a phishing incident. I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach.

Russian TA505 threat actor targets financial entities worldwide

Security Affairs

“CyberInt researchers have been tracking various activities following the spear-phishing campaign targeting large US-based retailers detected in December 2018.” The phishing messages used a weaponized Word document containing a Visual Basic for Applications (VBA) macr.

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers. Or just targeted phishing attacks.”

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

The Last Watchdog

The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing. Cybercriminals have begun escalating their efforts to bend the legitimate online advertising and retailing fulfillment ecosystem to their whims. Hark back two decades, Olson says, and the software that website publishers deployed to conduct online advertising and retail transactions was 80 percent homegrown.

Meet the World’s Biggest ‘Bulletproof’ Hoster

Krebs on Security

Those include a large number of cybercrime forums and stolen credit card shops, ransomware download sites, Magecart-related infrastructure, and a metric boatload of phishing Web sites mimicking dozens of retailers, banks and various government Web site portals.

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

Organized cybercrime gangs that coordinate unlimited attacks typically do so by hacking or phishing their way into a bank or payment card processor. In both cases, the attackers managed to phish someone working at the Blacksburg, Virginia-based small bank.

List of data breaches and cyber attacks in August 2019 – 114.6 million records leaked

IT Governance

Australian education provider TAFE NSW hit by phishing scam (30). Air New Zealand warns Airpoints members after employee falls for phishing email (100,000). Florida’s NCH Healthcare System is investigating the damage of phishing scam (unknown).

Report: Threat of Emotet and Ryuk

Security Affairs

Analyzing the general distribution of the compromised domains, grouped by category, it is possible to verify that the most affected were as follows: professional/companies (20.2%), personal (13.5%), retail (12.7%) and industry (11.9%).

List of data breaches and cyber attacks in November 2019 – 1.34 billion records breached

IT Governance

fall for phishing scam (33,000). Dental Delta of Arizona discloses data breach caused by phishing attack (unknown). Connecticut’s Starling Physicians warns patients after phishing scam (unknown). breached in suspected phishing attack (unknown).

Bodybuilding.com forces password reset after a security breach

Security Affairs

Bad news for fitness and bodybuilding passionates, the popular online retailer Bodybuilding.com announced that hackers have broken into its systems. The popular online retailer website Bodybuilding.com announced last week that hackers have broken into its systems.

Redcar and Cleveland Borough Council still offline after suffering cyber attack

IT Governance

Unlike an attack on retailers, for example, victims have no alternative when systems are down. Staff awareness training is an essential and often overlooked tool in the fight against cyber crime, providing a defence against threats like phishing, which target human error.

FIN8 Hacking Group is back with an improved version of the ShellTea Backdoor

Security Affairs

At the time, FireEye and root9B published detailed reports about a series of attacks targeting the retail sector. “It is believed that the malware was deployed as a result of several phishing attempts.”

11 cyber security predictions for 2020

IT Governance

With better audio and video simulations, phishing will move on from email and text to things like Facebook videos. The retail and hospitality industries will continue to have their POS equipment targeted.

List of data breaches and cyber attacks in October 2019 – 421 million records breached

IT Governance

Tukwila, WA, School District hit by phishing scam (unknown). IN-based Methodist Hospitals discloses breach after two employees fall for phishing scam (68,039). Hackers target students at a Connecticut high school with phishing scam (unknown).

TA505 is expanding its operations

Security Affairs

The threat group is also known for its recent attack campaign against Bank and Retail business sectors, but the latest evidence indicates a potential expansion of its criminal operation to other industries too. The intercepted attack starts with a spear-phishing email embedding a spreadsheet.

Online market for counterfeit goods in Russia has reached $1,5 billion

Security Affairs

Group-IB: The online market for counterfeit goods in Russia has reached $1,5 billion, while the number of phishing attacks has surpassed 1,200 daily. It also leads to a decrease in what we call the psychological price, i.e. the cost that customers are willing to pay for a product from the official retailer. Fraudsters use various ways to deceive users: phishing websites, fake mobile apps, accounts and groups on social media.