Nearly half of firms suffer data breaches at hands of vendors

As trusted partners, third-party vendors often become the overlooked or unwitting accomplice in criminal activities. As privacy laws and cybersecurity regulations continue to increase accountability around data confidentiality and protection, eSentire …

Third-party cyber risk management a burden on human and financial resources

Organizations and third parties see their third-party cyber risk management (TPCRM) practices as important but ineffective. There are four major takeaways for key decision makers: Current practices and technologies used to support TPCRM and assess thir…

Guilty by association: The reality of online retail third-party data leaks

Online retail activity continues to accelerate at a rampant pace and shows no signs of slowing down. According to the National Retail Federation (NRF), U.S. retail sales are expected to rise between 3.8 and 4.4 percent to more than $3.8 trillion in 201…

Compromised ad company serves Magecart skimming code to hundreds of websites

Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to compromise Adverline, a French online advertising company with a European-focused c…

Third parties: Fast-growing risk to an organization’s sensitive data

The Ponemon Institute surveyed more than 1,000 CISOs and other security and risk professionals across the US and UK to understand the challenges companies face in protecting sensitive and confidential information shared with third-party vendors and par…

1 in 5 merchants compromised by Magecart get reinfected

The Magecart threat looms large for online retailers and their customers, as the criminal groups that have been assigned this collective name are constantly trying out new tricks for stealthily compromising the shops and achieving persistence. Accordin…

Attackers breached Statcounter to steal cryptocurrency from gate.io users

Web analytics company Statcounter and cryptocurrency exchange gate.io have been compromised in another supply-chain attack, which resulted in an unknown number of gate.io customers getting their money stolen, according to ESET. The attack The compromis…

Hackers steal Pentagon personnel’s PI and credit card data

The U.S. Department of Defense confirmed on Friday that personal information and credit card data of some 30,000 U.S. military and civilian personnel have been compromised in a breach affecting a DoD third-party contractor. Apparently, no classi…

Magecart hacks Shopper Approved to simultaneously hit many e-commerce sites

The cybercriminal groups under the Magecart umbrella strike again and again, and one of them has apparently specialized in compromising third parties to more easily get in as many online shops as possible. The latest target of Magecart Group 5, as it h…

Magecart compromises Feedify to get to hundreds of e-commerce sites

Customer engagement service Feedify has been hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card skimming code. The current situation The compromise was first flagged by someone w…