Security News Round-Up: Macy’s Online Store Hacked
News Round-Up – Get a Quick Rundown of What You Need to Know
Evolver’s Cyber News Round-Up looks into recent reports and journalism covering cyber threats and trends affecting all industries. You can suggest articles to us on LinkedIn and on Twitter at @EvolverInc. Visit our cybersecurity services page to learn more about cyber risk assessment and threat protection.
Macy’s Online Store Hacked
On November 14th, Macy’s revealed that they had discovered a breach affecting their e-commerce website beginning on October 7th, according to Bank Info Security. Hackers had placed code on the checkout page as well as the wallet page of the website in order to capture any credit card information that was entered during the order or account updating processes. This information would include names, phone numbers, addresses, email addresses, payment card number, security code of the card, and expiration dates, notes the article. The attack did not affect the mobile application and the code was removed on October 15th. The retail giant has yet to confirm how many users or cards were affected and has sent emails to customers that were, Bank Info Security states.
Massive Jump in Threat Detections for Healthcare
Massachusetts residents Eric Meiggs, 21, and Declan Harrington, 20, were arrested for hacking into various victims’ phones and cryptocurrency wallets, leaving them charged with wire fraud, computer fraud and abuse, aggregated identity theft, and conspiracy, says Naked Security. The duo were able to steal $550,000 in cryptocurrency by defrauding 10 people in the United States between November 2017 and May 2018. To carry out the crime, they engaged in SIM swap fraud by calling the victims’ phone provider and stealing their identity, as stated in the article. From there, they could take over their emails and so on.
4x As Many Fake Retailers Than Real Ones During the Holidays
Naked Security stated in a recent article, “The total number of Transport Layer Security (TLS) certificates used by typosquatting domains to give themselves the aura of being safe and secure is now 400% greater than the number of authentic real domains.” The article revealed that this number is exactly 109,045 TLS certificates on fake websites, which is over double the amount there were in 2018. While not all of these sites were laced with malware, the amount that are is significantly rising. This trend has proven that merely looking for the padlock symbol and “https” on a website is no longer sufficient for ensuring a website is safe.
Louisiana Attacked With Ransomware
Some of Louisiana’s state servers were hit with ransomware, states Security Week, leading the state to pull them offline. Among the affected applications were a number of state agencies’ emails and websites, while services affected include the Louisiana Department of Health (LDH) and the Office of Motor Vehicles (OMV). So far, the services have begun to be restored but only partially. Luckily, the article states, no ransom was paid and no data loss has been identified. The event comes after four Louisiana school districts were hit with cyberattacks as well.