U.S. fast-food restaurant chain Krystal disclosed a security incident involving one of is payment processing systems and affecting some of its restaurants between July and September 2019. Krystal was founded back in 1932, currently has 342 locations in the Southern United States and "is the original quick-service restaurant chain in the South" according to a press release published on Friday. Source: Bleeping Computer
Read moreFrench fashion online store Sixth June is offering shoppers more than the latest in men and women streetwear apparel as the site was infected some time ago with code that steals payment card info at checkout. The infosec community typically refers to this type of scripts as MageCart because they initially targeted sites using the Magento e-commerce platform. Source: Bleeping Computer
Read moreAn unsecured Elasticsearch database left exposed the account information of about 7.5 million Adobe Creative Cloud users. Comparitech, in association with security researcher Bob Diachenko, found the Adobe database, which could be accessed without a password or any login credentials. The company was notified on October 19 and the database was locked down that day. Source: SC Magazine
Read moreOne Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society’s online store with skimming malware. Sanguine Security found the malware on www.shop.cancer.org/ hiding behind the GoogleTagManager code. The store sells t-shirts emblazoned with the organization’s logo. Source: SC Magazine
Read moreRandori, a Boston-based startup from a former Carbon Black executive and a former red team consultant, announced its first product today. Called Randori Recon, this service is designed to act with a hacker’s mindset to surface all of your company’s external weaknesses. Source: Tech Crunch
Read moreOCALA, Fla. — Ocala officials said Thursday that the city had suffered a “net financial loss” as a result of a recent email "spear phishing" scam, the latest in a series of recent cybercrimes against Central Florida municipalities. Source: My News 13
Read moreGoogle Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS. A significant distributed denial-of-service (DDoS) attack lasting approximately eight hours affected Amazon Web Services yesterday, knocking its S3 service and other services offline between 10:30 a.m. and 6:30 p.m. PDT. Source: Dark Reading
Read moreCybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show. The ubiquity of mobile devices continues to attract attackers as malicious apps have surged 20% across third-party app stores, advertisers and tracking firms account for nine of 10 API calls for top mobile applications, and nation-state actors increasingly target mobile devices, according to a trio of reports released this week. Source: Dark...
Read more
A hacker admitted to planting hardware keyloggers on computers belonging to two companies to get unauthorized to their networks and steal proprietary data. He now faces 12 years of prison time. It appears that the individual was after data relating to an "emerging technology" that both targeted companies were developing. Source: Bleeping Computer
Read moreA new malware is targeting Discord users by modifying the Windows Discord client so that it is transformed into a backdoor and an information-stealing Trojan. The Windows Discord client is an Electron application, which means that almost all of its functionality is derived from HTML, CSS, and JavaScript. This allows malware to modify its core files so that the client executes malicious behavior on startup. Source: Bleeping Computer
Read more