Tag: ecommerce
Mercedes Benz Vulnerability Places Risk of Remote Access – January 20th
CERT-UA warns of attackers impersonating the agency via fake AnyDesk requests for "security audits." Remote access should only occur with prior approval through official channels to mitigate these risks. Amid ongoing cyberattacks linked to the Russo-Ukrainian war, over 1,042 incidents were detected in 2024, including espionage and malware campaigns by groups like Gamaredon and Sticky Werewolf. Pro-Russian and pro-Ukrainian actors continue targeting each other with phishing and credential theft efforts.
Seasonal cybercrime bonanza is under way
Cybercriminals now have an unprecedented of highly effective custom-made tools designed to defraud online retailers and shoppers during the holiday season. “As we approach the end of 2024, the upcoming holiday season and events like Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited-time offers. They also create ideal conditions for cybercriminals to exploit users and shoppers,” warns threat intelligence firm FortiGuard in its report, Threat Actor Readiness for the Upcoming Holiday Season.
Scammers circling Black Friday shoppers
Scammers have stolen £11.4 billion from UK citizens over the last 12 months. According to the Global Anti-Scam Alliance’s (GASA) latest report, The State of Scams in the UK, conducted in association with the UK’s leading fraud prevention service, Cifas, this represents an increase of £4 billion over the previous year. With the Black Friday sales bonanza looming on both sides of the Atlantic, the findings come as a timely warning to online shoppers. GASA and Cifas anticipate a further spike in scam attempts this week and re-urging consumers to remain vigilant. The warning comes as 1 in 7 (15 percent) consumers surveyed said they lost cash to criminals in 2024, an increase from 10 percent in 2023. The average loss per victim was £1,400, and only 18 percent of victims recovered all their money.
Levi’s breach exposes 72k customer details
Over 72,000 US consumers may have had their account details compromised following a cyber-attack on denim clothing giant Levi Strauss & Co. Almost two weeks ago, on June 13, Levi’s spotted an unusual spike in activity on its consumer-facing website and immediately realized its users were under threat. “Our investigation showed characteristics associated with a “credential stuffing” attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case www.levis.com,” said Levi’s in a published notice detailing the data breach.
Pittsburgh-area Water Authority Hit by Cyber Attack – November 28th
The Municipal Water Authority of Aliquippa reported a cyberattack that shut down their water pressure technology, to the U.S. Department of Homeland Security this past weekend. According to the U.S. Department of Homeland Security, the unassuming cyberattack may come with serious international implications, with the attack suspected to come from an anti-Israeli Iranian threat actor group labeled as "Cyber Av3ngers". This nation-state cyberattack is not the first to disrupt critical water infrastructure.