Catalin Cimpanu reports: Online stores that have been infected with the Magecart malware –known to record and steal credit card details from checkout forms– often get reinfected after clean-up operations, a recent report has revealed. “In the last quarter, 1 out of 5 breached stores were infected (and cleaned) multiple times, some even up to…
Month: November 2018
UK: Medical worker in Kilmarnock suspended over data breach
BBC reports that the medical worker allegedly involved in a privacy breach reported last week at Crosshouse Hospital has now been suspended while the police and hospital continue to investigate the incident. Read more on BBC.
That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards
Brian Krebs reports: If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal…
Do you login to merchant sites using your FB or Google credentials? The Annex Cloud breach may have affected you.
Hmm. This one could result in big numbers. A notification from Title Nine about Annex Cloud. Annex Cloud is a service provider that you may never have heard of but may have used many times. The notification explains: Annex Cloud provides a service that enables individuals to use their user name and password from social media…
Children’s charity Kars4Kids leaks info on 21,000 donors
Bob Diachenko of HackenProof.com reports: Kars4Kids is a charity that asks people to donate their cars, motorcycles, RVs, and real estate. They are most known for their nationwide advertising using their hypnotic theme song where a child and a Johny Cash impersonator sing the phone number and invites people to donate their cars today. On…
WordPress GDPR plugin inadvertently exposed sites to hackers
Keumars Afifi-Sabet reports: Attackers have been exploiting a flaw in a WordPress GDPR-compliance plugin to hijack vulnerable websites and implement remote code execution. The flaw had been present in Wordfence’s GDPR Compliance plugin for at least four months and, ironically, allowed hackers to gain access to a site using the tool. Hackers could then execute any…