Vision Direct, a UK-based contact lens retailer, has exposed at least 16,300+ customers’ personal data, including payment card numbers, expiration dates and CVV codes in a breach affecting its UK site and local versions in Ireland, the Netherlands, France, Spain, Italy and Belgium. In a statement, Vision Direct said that customers who entered their details into the sites between Nov. 3-8 could have been impacted. A fake Google Analytics script placed within the websites’ code was the apparent cause. Bryan Becker, Application Security Researcher, WhiteHat Security: “Although we cannot confirm attribution, this attack has all the hallmarks of a ‘Magecart’ attack. Some of…
ISBuzz Team
With Black Friday and Cyber Monday almost upon us, please see below for commentary from cybersecurity experts on how to navigate both shopping days without getting scammed or hacked. Tim Mackey, SeniorTechnical Evangelist at Synopsys: “The core challenge as I see it relates to either inbound email ads or people searching for great deals and ending up in locations they didn’t expect. The key is to identify the legitimate from the fake when a “50% off all iPads” deal is enticing. With all the various data breaches over the past few years, identification is particularly difficult. Some simple options are:…
European online contact lens supplier Vision Direct has revealed a data breach which compromised full credit card details for a number of its customers, as well as personal information. Compromised data includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV. IT security experts commented below. Craig Young, Security Researcher at Tripwire: Based on the description Vision Direct provided on the types of exposed data, it seems likely that an attacker was able to inject JavaScript onto the main Vision Direct web site. For example, an attacker may have…
According to new data by TrendMicro, attackers utilising the Emotet banking Trojan predominantly used internet providers located in the U.S.A. to host their Command & Control infrastructure. In a recent blog post, TrendMicro states that the United States of America, with a 45% share, hosts more Emotet C2 infrastructure through Comcast, followed by Mexico and Canada. The top 3 ASN numbers being used to host the C2 servers are 7922 (Comcast Cable), 8151 (Telmex), and 22773 (Cox Communications). This infrastructure was determined by actively tracking Emotet and with nearly 15 thousand artefacts ranging between June and September 2018. Ryan Wilk, VP at NuData Security: “Banking providers in the US need to be acutely aware…
It has been reported that the Make-A-Wish foundation’s international website has been loaded with cryptomining malware scripts. Researchers with Trustwave say the WorldWish.org site was compromised via a Drupal exploit and seeded with malicious JavaScript that enlisted the CPU cycles of visitor’s machines to covertly generate cryptocurrency. Gavin Millard, VP of intelligence at Tenable: “This appears to be an opportunistic hack rather than targeted at the Make-A-Wish foundation itself. In all probability, the threat actors were using an automated script to hunt for vulnerable servers, automatically install the malware and didn’t care or even notice what or who they’d compromised. This is criminal activity and the…
Juniper Research is predicting that annual online payment fraud losses from eCommerce, airline ticketing, money transfers and banking services, will reach $48 billion by 2023 which is up from the $22 billion in losses projected for 2018. Ryan Wilk, VP of Customer Success at Nudata Security: “With complete user identities available on the dark web due to the steady drumbeat of breaches and leaks, the rise in online fraud isn’t surprising. However, protecting accounts with additional friction can affect the user experience – and the company’s revenue. This is why we’re seeing more businesses shift to a multi-layered approach to verify…
New findings from New York University Tandon and Michigan State University on “synthetic biometrics” show how fake biometrics can potentially be used: DeepMasterPrints: Generating MasterPrints for Dictionary Attacks – here’s the Guardian story on this: Fake fingerprints can mimic real ones in biometric systems. In response, a cybersecurity expert with OneSpan offers perspective. Sam Bakken, Senior Product Marketing Manager at OneSpan: “This is impressive research that will contribute to continued improvement in the security of biometric authentication, but that doesn’t mean it’s time for financial institutions to give up on fingerprint recognition and authentication. The research was conducted in a laboratory environment with plenty of resources,…
We are in an era of intelligent and urgent urban innovation. Our homes are connected, our streets are thriving labyrinths of interconnectivity, and our businesses are a hive of data streaming and surveillance. Communities are now emerging as sophisticated centres of technical excellence, prompting micro and macro revolutions in virtually every aspect of our lives. Across the world, digital “smartness” is either being activated, enhanced, evangelised or considered a transformative option. Is this trend a good one? As the popularity and inevitability of smart cities expand, so too does a cybercriminal’s opportunistic attack surface. Are we now putting the public’s…
A committee of UK MPs has urged the Prime Minister to appoint a minister for cybersecurity to cabinet, to take charge of efforts to improve the countries cyber security. The joint committee on national security strategy said that the UK’s current level of ministerial oversight was “wholly inadequate”. Irra Ariella Khi, CEO of VChain, has commented on the importance of a proactive government strategy in enforcing the adoption of concepts such a privacy by design in critical infrastructure companies. Irra Ariella Khi, CEO at VChain: “Appointing a dedicated cyber security minister would bring much needed focus and resource to improve cyber defence and…
Juniper Threat Labs has just posted new findings on malware that hunts and infects Docker services: Container malware: Miners go Docker hunting in the cloud. The in-the-wild malware hunts for misconfigured publicly exposed Docker services in the cloud and infects them with containers that run Monero miners. Mounir Hahad, Head of Juniper Threat Labs at Juniper Networks: “The advent of microservices has led to us witnessing containers take the cloud by storm. But, this boom in the container-cloud relationship is exposing security issues that are inviting malware into the party as well. Juniper Threat Labs recently discovered an infection in the wild that hunts for…