Security News
The Python Package Index registry has removed several Python packages this week aimed at stealing users' credit card numbers, Discord tokens, and granting code execution capabilities to attackers. Malware steals credit card numbers, browser files, Discord tokens.
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin, said in a write-up.
A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "Pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers debit and credit cards. FIN7, also called Anunak, Carbanak Group, and the Navigator Group, is said to have engaged in a sophisticated malware campaign at least since 2015 targeting restaurant, gambling, and hospitality industries in the U.S. to plunder credit and debit card numbers that were then used or sold for profit on underground forums.
Mercedes-Benz USA has just disclosed a data breach impacting some of its customers. The company assessed 1.6 million customer records which included customer names, addresses, emails, phone numbers, and some purchased vehicle information to determine the impact.
Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. Cake Box is a UK chain of stores selling fresh cream celebration cakes made without eggs.
Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. Cake Box is a UK chain of stores selling fresh cream celebration cakes made without eggs.
India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card data.
The attacks used fake order receipts and phone numbers in an attempt to steal credit card details from unsuspecting victims, says Armorblox. A standard phishing campaign uses email to try to trick people into divulging confidential information.
Graduating students from several universities in the U.S. have been reporting fraudulent transactions after using payment cards at popular cap and gown maker Herff Jones. Herff Jones was completely unaware of the breach until students started to complain on social media about their fraudulent charges to their payment cards.
The American Society for Clinical Pathology disclosed a payment card incident that impacted customers who entered payment info on its e-commerce website. The Chicago-based association for medical professionals is the world's largest such organization for pathologists and laboratory professionals.