AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response


InfoSec News Nuggets 1/8/2025

Green Bay Packers’ online store hacked to steal credit cards

The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers’ personal and payment information. The National Football League team says it immediately disabled all checkout and payment capabilities after discovering on October 23 that the packersproshop.com website was breached. “On October 23, 2024, we were alerted to the presence of malicious code inserted on the Pro Shop website by a third party threat actor,” the Packers’ Director of Retail Operations Chrysta Jorgensen explains in breach notification letters sent to potentially affected individuals.

 

US Cyber Trust Mark launches as the Energy Star of smart home security

Consumers shopping for new smart home devices will soon be able to look for the official stamp of trust from the US government: the US Cyber Trust Mark. Similar to how an Energy Star label on home appliances denotes a certain level of energy efficiency, the Cyber Trust Mark is meant to be a way for consumers to quickly understand that a connected device meets certain standards to secure it from cybersecurity threats. The standards cover things like whether a device issues software updates, how it securely moves data to the cloud, and how other devices are able to gain access to the product.

 

Google warns of legit VPN apps being used to infect devices with malware

Attackers are reportedly using popular VPN applications as a backdoor to inject malware and gain remote control of infected devices. This is the worrying finding coming from Google’s Managed Defense team, which shed light on how malicious actors employ SEO poisoning tactics to spread what’s known as Playfulghost malware. “The malware is bundled with popular applications, like LetsVPN, and distributed through SEO poisoning,” wrote the expert. “This involves manipulating search engine results to make the bundled software appear at the top of searches, making it seem like a legitimate download.”

 

A Day in the Life of a Prolific Voice Phishing Crew

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

 

Casio says data of 8,500 people exposed in October ransomware attack

Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. The affected individuals are primarily Casio employees and business partners, but there was a small set of customer personal information in the exposed data. The cyberattack occurred on October 5, when ransomware actors employing phishing tactics compromised the company’s network and caused an IT systems outage. On October 10, the attack was claimed by the Underground ransomware gang, which threatened to disclose confidential documents, financial files, project information, and employee data unless a ransom was paid.

 

Brand Impersonation Scam Hijacks Travel Agency Accounts

Recently, within the span of a week, a new and extensive phishing campaign compromised more than 7,300 businesses and 40,000 individuals around the world. The most heavily impacted regions are the United States (75%) and the European Union (10%). The hackers are impersonating brands and presenting fake email-based offers. Their objectives center on driving malicious downloads and harvesting credentials that they can exploit for their own financial gain.
