August 1, 2024 at 03:12AM Facebook users are being targeted by a scam e-commerce network using fake websites to steal personal and financial data through malvertising. The campaign, known as ERIAKOS, targets mobile users with ad lures on Facebook, impersonating well-known brands. Similar criminal networks have been identified, indicating a growing trend in online fraud … Read more
July 7, 2024 at 11:29AM Shopify denies data breach following a threat actor’s sale of alleged customer data stolen from its network. The company attributes the data loss to a third-party app and expects the app developer to notify affected customers. The threat actor, ‘888,’ has a history of selling or leaking data from various … Read more
May 17, 2024 at 05:54AM C/side, a cybersecurity startup, has raised $1.7 million in pre-seed funding led by Scribble Ventures and angel investors. The company offers tools to monitor and secure third-party scripts in browsers, with AI for autonomous detection. C/side plans to use the funding to accelerate product development and expand its partner programs … Read more
April 12, 2024 at 01:57AM Cybersecurity researchers have uncovered a credit card skimmer camouflaged in a fake Meta Pixel tracker script to evade detection. The malware is injected into websites through tools like WordPress plugins and Magento admin panel, allowing the injection of malicious JavaScript. Sites using WordPress and Magento are at risk of another … Read more
April 6, 2024 at 06:33AM Threat actors exploit a critical flaw in Magento, using CVE-2024-20720 to inject a backdoor for arbitrary code execution. The attack involves using Magento layout parser and beberlei/assert package to execute system commands via sed. Russian government has charged six individuals for using skimmer malware to steal credit card information from … Read more
January 22, 2024 at 03:31PM A security researcher in Germany was fined €3,000 for reporting a vulnerability in an e-commerce database that put customer information at risk. Modern Solution GmbH downplayed the data exposure, leading to a legal battle. Hendrik H. was initially vindicated by the District Court but was eventually fined and is planning … Read more
December 18, 2023 at 01:59PM VF Corporation, a Colorado-based global apparel firm with 13 brands, including Supreme and The North Face, experienced a cyberattack on December 13, 2023, causing operational disruptions. The company is working to restore IT systems and minimize impact on retail and e-commerce operations, but the full extent and impact of the … Read more
November 27, 2023 at 02:50PM Healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, following a breach in October. The company has restored its U.S. e-commerce platform and expects the platforms in Canada and Europe to be back online soon. The BlackCat gang claims to have stolen 35 … Read more
November 24, 2023 at 10:40AM The owner of OpenCart, an e-commerce store management system, has responded hostilely to a security researcher who disclosed a vulnerability in the product. The researcher, Mattia Brollo, tried to contact OpenCart for nearly a month through various channels before receiving dismissive and offensive responses from the owner, Daniel Kerr. OpenCart … Read more