Security Affairs
WordPress Plugin abused to install e-skimmers in e-stores
Threat actors are exploiting a WordPress plugin to insert malicious PHP code in e-commerce sites and steal credit card data.
DataBreaches
Sg: Victims lose $237,000 amid resurgence in SingPost and Singtel phishing scams: Police
Aqil Hamzah reports: At least 85 people here have lost about $237,000 since January 2022 after falling victim to phishing scams involving purported e-mails...
Ars Technica
DALL-E image generator is now open to everyone
DALL-E launched frenzy of image synthesis development but was invitation-only until now.
The Cyber Express
Anonymous Collective Targets Bahrain’s E Visa Service
The notorious hacktivist group, Anonymous Collective, has reportedly targeted the E Visa service of the Bahrain government. The cyberattack on
Trend Micro
Accelerating into 2024 with NEOM McLaren Formula E
Learn more about how Trend is engineering innovation and resiliency with NEOM McLaren Formula E Team in 2024 and beyond.
The Record
Moldovan national sentenced in E-Root cybercrime marketplace case
Sandu Boris Diaconu, 31, was an administrator for the E-Root Marketplace, which authorities took down in 2020.
SecurityWeek
Aqua Security Scores $60M Series E Funding
Late-stage player in the CNAPP space secures a $60 million extended Series E funding round at a valuation north of $1 billion.
Trend Micro
Security Risks in Logistics APIs Used by E-Commerce Platforms
Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers’ personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers.
The Hacker News
Top Cyber Threats Facing E-Commerce Sites This Holiday Season
Learn more about the risks and vulnerabilities affecting your e-commerce web application this holiday season in our latest blog.
CyberNews
OpenAI tests DALL-E 3 detection tool
OpenAI has said that it’s building a tool to detect content created by its text-to-image generator DALL-E 3, with early testing showing 98% accuracy.
The Record
Google tool for e-commerce sites being abused by hackers stealing card data, personal info
Hackers are abusing Google’s Tag Manager containers to install malicious e-skimmers that steal payment card data and other information of e-commerce site shoppers.
Cyber Security News
New Fake E-Shopping Attack Hijacking Users Banking Credentials
A fake e-shop scam campaign has been targeting Southeast Asia since 2021, as CRIL observed a surge in activity in September 2022, with the
Security Affairs
Ongoing Xurum attacks target Magento 2 e-stores
Experts warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites using Adobe’s Magento 2 CMS. Akamai researchers warn of ongoing attacks, dubbed Xurum, targeting e-commerce websites running the Magento 2 CMS. The attackers are actively exploiting a server-side template injection issue, tracked as CVE-2022-24086, (CVSS score: 9.8), in Adobe Commerce and Magento Open Source. The […]
Security Affairs
Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release
Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published. Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published. The E-Business Suite is a set of enterprise applications that allows organizations automate […]
The Hacker News
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering
Russian operator of BTC-e crypto exchange pleads guilty to money laundering charges spanning 2011-2017.
Infosecurity News
Black Friday: Significant Security Gaps in E-Commerce Web Apps
Millions of consumers’ PII could be at risk due to exploitable vulnerabilities and a lack of basic security protocols in e-commerce web apps
The Record
US announces another arrest in BTC-e cybercrime case
A Belarusian and Cypriot national allegedly connected with the defunct cryptocurrency exchange BTC-e is in U.S. custody and faces charges related to money laundering, federal prosecutors said Thursday.
Security Affairs
Moldovan citizen sentenced in connection with the E-Root marketplace case
US DoJ sentenced a Moldovan national (31) to 42 months in federal prison for operating the E-Root cybercrime marketplace.
The Hacker News
GuLoader Malware Using Malicious NSIS Executable to Target E-Commerce Industry
South Korean and American e-commerce industries have been targeted by a GuLoader malware campaign.
Security Affairs
Russian e-commerce giant Elevel exposed buyers’ delivery addresses
A leading electrical engineering company in Russia, Elevel, has exposed its customers’ personally identifiable information (PII,) including full names and addresses. Original post at https://cybernews.com/privacy/russian-e-commerce-giant-data-leak/ Founded in 1991, Elevel (previously Eleko) positions itself as the leading Russian electrical engineering company that runs both an e-commerce business and wholesale stores. On January 24, the Cybernews research […]
Naked Security
Adobe fixes zero-day exploit in e-commerce code: update now!
There’s a remote code execution hole in Adobe e-commerce products – and cybercrooks are already exploiting it.
ZDNet
Singapore launches safety rating scheme for e-commerce sites | ZDNet
Assessing e-commerce marketplaces based on their anti-scam measures, the scheme gives Facebook Marketplace the lowest rating while Lazada and Amazon are amongst those that received the highest.
The Record
N. Korea-linked operation combines US military lures, S. Korean e-commerce sites
In a campaign that researchers at Securonix are calling STARKMULE, hackers are sending out emails with fake U.S. military job-recruitment documents and also using South Korean e-commerce sites as part of the operation.
ZDNet
Singapore busts network hawking contraband e-vaporisers via Telegram | ZDNet
Health Sciences Authority says smugglers and peddlers have tapped messaging apps, such as Telegram and WeChat, to advertise and sell e-vaporisers, which are prohibited in the country.
Latest Hacking News
Invision Community Vulnerabilities Risk E-Commerce Websites
A security researcher spotted numerous vulnerabilities in the Invision Community software that risked the corresponding e-commerce websites. While the vendors patched one of the two flaws, the other still remains a zero-day despite public disclosure. Multiple
The Cyber Express
Escalation of Fake E-Shop Campaign Threatens Banking Security in Multiple Regions
A recent analysis by Cyble has revealed a concerning escalation in the fake e-shop campaign, signaling a looming threat to
HACKRead
Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted
From dark web to ransomware gangs, new tools and tactics are aiding cyber criminals in targeting E-commerce and Aviation Industries.
Security Affairs
Alexander Vinnik, the operator of BTC-e exchange, pleaded guilty to money laundering
Alexander Vinnik, a Russian operator of virtual currency exchange BTC-e pleaded guilty to participating in a money laundering scheme.
Security Affairs
Threat actors compromised +500 Magento-based e-stores with e-skimmers
Experts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. Threat actors behind this campaign deployed a digital skimmer that was being loaded from the naturalfreshmall(.)com domain. […]
The Hacker News
E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials
Moldovan national gets 3+ years in US prison for running E-Root Marketplace, a massive platform selling stolen login details.
The Hacker News
Password Reset Hack Exposed in Honda's E-Commerce Platform, Dealers Data at Risk
Security researcher uncovers major vulnerabilities in Honda's e-commerce platform, exposing sensitive dealer information.
The Hacker News
Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
E-commerce sites using Adobe's Magento 2 software are under attack. Ongoing campaign called Xurum exploits critical flaw.
The Hacker News
Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
Exploit alert for Magento users! A critical flaw, CVE-2024-20720, allows threat actors to sneak a persistent backdoor into e-commerce sites.
The Cyber Express
MediSecure Data Breach an ‘Isolated’ Attack; No Impact on Current e-Prescriptions
The MediSecure data breach is an “isolated” attack with no impact on the current e-Priscription services, the Australian National Cyber
Bleeping Computer
E-Root admin faces 20 years for selling stolen RDP, SSH accounts
Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty of 20 years for selling access to compromised computers.
Bleeping Computer
E-commerce giant Mercado Libre confirms source code data breach
E-commerce giant Mercado Libre has confirmed "unauthorized access" to a part of its source code this week. Mercado additionally says data of around 300,000 of its users was accessed by threat actors.
Bleeping Computer
Dutch Police mails RaidForums members to warn they’re being watched
Dutch Police is sending emails to former RaidForums members, asking them to delete stolen data and stop illegal cyber activities and warning that they are not anonymous.
The Hacker News
Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering
Former operator of defunct crypto exchange BTC-e faces 25 years in prison for alleged $4 billion money laundering scheme.
ZDNet
Tampering with ACT overseas e-voting system did not need key, researcher finds
Australia's Electoral Commission thought the ACT's e-voting system would be secure so long as its encryption key remained private, but a researcher has found this is not the case.
Krebs on Security
Canadian Man Stuck in Triangle of E-Commerce Fraud
A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve "triangulation fraud," which occurs when a consumer purchases something online -- from a seller…
Bleeping Computer
E-commerce giant suffers major data breach in Codecov incident
E-commerce platform Mercari has disclosed a major data breach incident that occurred due to exposure from the Codecov supply-chain attack. Mercari is a publicly traded Japanese company and an online marketplace that has recently expanded its operations to the United States and the United Kingdom.
Bleeping Computer
Warning: Popular e-cigarette store hacked to steal credit cards
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked. Element Vape has a presence across the U.S. and Canada and sells products in both retail outlets and on their online store.
Bleeping Computer
Stop vaping: Major e-cigarette store hacked to steal credit cards
BleepingComputer has confirmed Element Vape, a prominent online seller of e-cigarettes and vaping kits is serving a credit card skimmer on its live site, likely after getting hacked. Element Vape has a presence across the U.S. and Canada and sells products in both retail outlets and on their online store.
Security Affairs
A man faces up to 25 years in prison for his role in operating unlicensed crypto exchange BTC-e
Belarusian/Cypriot national linked with cryptocurrency exchange BTC-e is facing charges that can lead maximum penalty of 25 years in prison
Bleeping Computer
UK e-visa rollout begins today: no more immigration cards for millions
Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border."
Security Affairs
Russians charged with hacking Mt. Gox exchange and operating BTC-e
Two Russian nationals have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and money laundering. Russian nationals Alexey Bilyuchenko (43) and Aleksandr Verner (29) have been charged with the hack of the cryptocurrency exchange Mt. Gox in 2011 and the operation of the illicit cryptocurrency exchange BTC-e. The duo has […]
DataBreaches
Parathon by JDA e-Health: what we still don’t know about their July ransomware incident
On August 1, DataBreaches noticed that Parathon by JDA e-Health had been listed on the Akira ransomware leak site. Neither Akira nor Parathon responded to...
Security Affairs
Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors
Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the […]
Bleeping Computer
UK e-visa rollout starts today for millions: no more physical immigration cards
Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border."
Security Affairs
Tax preparation and e-file service eFile.com compromised to serve malware
The eFile.com online service, which is authorized by the US Internal Revenue Service (IRS), was spotted serving malicious malware to visitors. eFile.com, the personal online tax preparation and e-file service authorized by the US Internal Revenue Service (IRS), was spotted serving malware to visitors. The service helps taxpayers to file tax returns, experts reported that […]
Cyber Security News
Ukraine Warns of Massive Cyberattack Targeting Telecommunications
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of massive cyberattacks targeting telecommunication operators. According to the report, CERT-UA received information from a participant in the information exchange on the mass mailing of e-mails among media organizations of Ukraine including radio stations, newspapers, news agencies, etc titled "LIST of links to interactive maps".
The Hacker News
Cyberattacks Targeting E-commerce Applications
Cyberattacks are common and no company is immune. Regular scans & vulnerability assessments are crucial. Understand the eight key areas.
Security Affairs
Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks
Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials. RPMSG files are used to deliver e-mails with Rights-Managed Email Object Protocol enabled. […]
DataBreaches
Atlanta Allergy & Asthma first mails notices to patients; data was dumped back in March
On March 3, DataBreaches.net reported that Atlanta Allergy & Asthma had apparently been compromised by Nefilim threat actors, who had dumped more than 2 GB...
DataBreaches
Attorney General James Secures $1.9 Million from E-Commerce SHEIN and ROMWE Owner Zoetop for Failing to Protect Consumers’ Data
October 12 – NEW YORK – New York Attorney General Letitia James today secured $1.9 million from e-commerce retailer, Zoetop Business Company, Ltd...
Computerworld
Top 6 e-signature software tools
Electronic signature apps help businesses digitize processes that require signatures, such as contracts and legal documents. Integrating these tools into other business processes is the next step for enterprises. Here are the key features and top products to consider.
DarkReading
Magecart Attackers Pioneer Persistent E-Commerce Backdoor
The infamous payment-skimmer cybercrime organization is exploiting CVE-2024-20720 in Magento for a novel approach to stealing card data.
Infosecurity News
Russian Duo Indicted Over E-Book Piracy
St Petersburg couple were arrested in Argentina
Infosecurity News
BTC-e $9bn Crypto-Money Launderer Pleads Guilty
Russian national Alexander Vinnik has pleaded guilty to his role in a multibillion-dollar money laundering conspiracy
DarkReading
Cheating Hack Halts Apex Legends E-Sports Tourney
Electronic Arts is trying to track down the RCE exploit that allowed hackers to inject cheats into games during the recent Apex Legends Global Series.
Infosecurity News
E-commerce Fraud Surges By Over 50% Annually
Online merchants plan to increase budgets and new hires
ZDNet
Latin e-commerce giant Mercado Libre hacked | ZDNet
According to the company, information relating to 300,000 users of the platform was exposed.
DataBreaches
Russian e-commerce giant exposed buyers’ delivery addresses
Jurgita Lapienytė reports: A leading electrical engineering company in Russia, Elevel, has exposed its customers’ personally identifiable information...
Infosecurity News
Russians Charged with Mt Gox Heist and BTC-e
One allegedly used stolen funds to help set up the crypto exchange
Security Affairs
3.5M exposed in COVID-19 e-passport leak
Passports, mobile numbers, and email addresses of Indian travelers have been leaked, leaving 3.5 million individuals at risk of identity theft.
CyberNews
3.5M exposed in COVID-19 e-passport leak
Passports, mobile numbers, and email addresses of Indian travelers have been leaked.
Infosecurity News
DogeRAT Malware Impersonates BFSI, Entertainment, E-commerce Apps
Discovered by CloudSEK, the malicious campaign relies on open source Android malware
Infosecurity News
CISA: Patch Bug Exploited by Chinese E-commerce App
Zero-day was linked to malicious Pinduoduo apps
DarkReading
Name That Toon: It's E-Live!
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
ThreatPost
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Security Affairs
Anonymous targets western companies still active in Russia, including Auchan, Leroy Merlin e Decathlon
Anonymous launches its offensive against Wester companies still operating in Russia, it ‘DDoSed’ Auchan, Leroy Merlin e Decathlon websites. Since the start of the Russian invasion of Ukraine on February 24, Anonymous has declared war on Russia and launched multiple cyber-attacks against Russian entities, including Russian government sites, state-run media websites, and energy firms. Anonymous recently declared war on all companies that […]
Infosecurity News
Moldovan Behind E-Root Marketplace Gets US Federal Prison Term
Sandu Boris Diaconu was involved in conspiracy to commit access device and computer fraud
Security Affairs
E-prescription provider MediSecure impacted by a ransomware attack
Electronic prescription provider MediSecure in Australia suffered a ransomware attack likely originate from a third-party vendor.
Ars Technica
Google’s PaLM-E is a generalist robot brain that takes commands
ChatGPT-style AI model adds vision to guide a robot without special training.
Bleeping Computer
UK to replace physical biometric immigration cards with e-visas
By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in-line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do.
Cyber Security News
Hackers Steal Over 50,000 Payment Card Records Using E-Skimmer
Two web-skimming Magecart campaigns that targeted three different online ordering platforms have stolen payment card details from more than 310 restaurants.
Bleeping Computer
Russians charged with hacking Mt. Gox crypto exchange, running BTC-e
Russian nationals Alexey Bilyuchenko and Aleksandr Verner have been charged with the 2011 hacking of the leading (at the time) cryptocurrency exchange Mt. Gox and the laundering of around 647,000 bitcoins they stole.
Bleeping Computer
BTC-e server admin indicted for laundering ransom payments, stolen crypto
Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation.
Infosecurity News
SCA Rules Come into Force Today for E-commerce Transactions
From today, UK shoppers will have to provide a combination of two forms of identification at checkout when making an online purchase
Security Affairs
Europol and ENISA spotted 443 e-stores compromised with digital skimming
A joint law enforcement operation led by Europol and the ENISA identified 443 online shops compromised with web skimming.
DataBreaches
Parts of Kazakhstan e-gov portal infected with Razy malware
Razy malware has been around for a number of years now, and is still causing trouble. A Windows-based malware, one of the reasons that the malware has...
The Record
Russian operator of BTC-e crypto exchange pleads guilty to money laundering
Alexander Vinnik oversaw an operation that processed $9 billion in transactions, many of them allowing cybercriminals to transfer, launder and store the proceeds of their illegal activities.
ZDNet
Brazilian e-commerce firm Americanas reports multimillion-dollar loss following cyberattack | ZDNet
The company's transactional platforms were unavailable for a week following the incident in February.
Krebs on Security
E-Crime Rapper ‘Punchmade Dev’ Debuts Card Shop
The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as "Internet Swiping" and "Million Dollar Criminal" earning millions of views, Punchmade has…
Ars Technica
Chuck E. Cheese still uses floppy disks in 2023, but not for long
Employee TikTok reveals a floor show upgrade from floppy and DVD—possibly for the last time.
The Record
Europol identifies hundreds of e-commerce platforms used in digital skimming attacks
A two-month investigation led by authorities in Greece found 443 online sellers being targeted by digital credit card skimming attacks.
Ars Technica
Hundreds of e-commerce sites booby-trapped with payment card-skimming malware
Magecart hackers strike again.
ThreatPost
Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them.
DataBreaches
BTC-e Operator Vinnik’s Five-Year Prison Sentence Upheld by Court: Report
Kevin Reynolds reports: The five-year prison term for Russian Alexander Vinnik, convicted in France on money laundry charges, was upheld by the Court of Appeal...
Ars Technica
DALL-E 2 and Midjourney can be a boon for industrial designers
AI lets designers input abstract concepts and turn them into a flood of images.
The Record
Researchers find dozens of fake E-ZPass toll websites after FBI warning
The FBI said in an alert that since early March there have been more than 2,000 complaints reporting texts impersonating toll collection services.
The Hacker News
Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Watch out for WordPress plugin that can create fake administrator users and inject malicious JavaScript code to steal credit card information
CSO
Dropbox Sign hack exposed user data, raises security concerns for e-sign industry
The names and email addresses of those customers were also exposed who had never created an account with Dropbox Sign but had “received or signed a document through Dropbox Sign.”
The Hacker News
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
Unknown threat actors target WordPress sites using lesser-known code snippet plugins
Ars Technica
OpenAI debuts DALL-E API so devs can integrate its AI artwork into their apps
OpenAI offers integrated AI image generation on demand—for 2 cents an image.
Ars Technica
Google’s RT-2 AI model brings us one step closer to WALL-E
"First-of-its-kind" robot AI model can recognize trash and perform complex actions.
DataBreaches
Journalist detained after claiming Turkey’s e-government system was hacked
Bianet reports: The Ministry of Interior filed a complaint against İbrahim Haskoloğlu, a journalist who shared ID cards allegedly belonging to President...
Cyber Security News
Magento Vulnerability Let Attackers Inject Backdoor On E-commerce Websites
A sophisticated vulnerability within the Magento ecommerce platform has been unveiled, posing a significant threat to
ZDNet
Deal alert: These 10 e-learning bundles teach ethical hacking, cryptocurrency trading, more | ZDNet
An outstanding Valentine's Day present lasts for a long time, but the very best gift is one that can build a better future. Gift one of these bundles during our holiday sale!
Bleeping Computer
A lifetime of e-learning is only $120 for a limited time in this deal
Get The Ultimate Lifetime Bundle of StackSkills + Infosec4TC + Stone River on sale for just $119.99 (reg. $480) for a limited time only
Loading more articles....