Ikea Canada has confirmed that an employee compromised a database of 95,000 Canadian customers. The employee performed unsanctioned searches of the database between March 1 and 3, Kristin Newbigging, public relations leader at Ikea Canada, explains to Dark Reading. She adds that no banking information was exposed during the unauthorized system access.
Colonial Pipeline is facing an almost $1 million fine for control room management failures after the US Department of Transportation alleged they contributed to the nation's fuel disruption in the wake of the 2021 ransomware attack. On Thursday, the department's Pipeline and Hazardous Materials Safety Administration issued a Notice of Probable Violation and Proposed Compliance Order to the fuel-pipeline operator, which suggests multiple violations of federal safety regulations.
The US Treasury has sanctioned cryptocurrency mixer Blender for its role in helping North Korea's Lazarus Group launder stolen digital assets. As a result, among other limitations, anyone in the United States or a US person can no longer do any business with Blender without special permission from the government. This marks the Feds' first-ever sanctions against a crypto mixer, which cybercriminals can use to cover their tracks.
The RubyGems package repository has fixed a critical vulnerability that would allow anyone to unpublish ("yank") certain Ruby packages from the repository and republish their own tainted or malicious versions with the same file names and version numbers. Assigned CVE-2022-29176, the critical flaw existed on RubyGems[.]org, which is the Ruby equivalent of npmjs[.]com and hosts over 170,000 Ruby packages (gems), with almost 100 billion downloads served over its lifetime.
A credit card stealing service is growing in popularity, giving low-skilled threat actors an easy and automated way to get started in the world of financial fraud. Credit card skimmers are malicious scripts that are injected into hacked e-commerce websites and quietly wait for customers to make a purchase on the site. Once a purchase is made, these malicious scripts steal the credit card details and send them back to remote servers to be collected by threat actors.
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.