Page 18 - Threat Intelligence 11-27-2019
Macy’s online store compromised in Magecart-style attack. The webshop of noted U.S. department store
company Macy’s has been compromised and equipped with information-stealing JavaScript code, which ended
up collecting users’ personal and payment card information for a week. According to the notice sent by Macy’s
to affected customers, the breach was discovered on October 15, 2019, after they were alerted to a suspicious
connection between macys.com and another website. An unnamed researcher told Bleeping Computer that
the info-stealing script was included in a legitimate one on the website and that it sent the submitted
information to a C&C server at Barn-x.com/api/analysis.php. The stolen information includes customers’ first
and last name, full address, phone number, email address, payment card number, security code and expiration
date, but only if these were typed into the two aforementioned webpages.
Source: https://www.helpnetsecurity.com/2019/11/19/macys-online-store-compromised/
Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin. Orvis, a Vermont-based retailer that
specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords
on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything
from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvis
says the exposure was inadvertent, and that many of the credentials were already expired.
Source: https://krebsonsecurity.com/2019/11/retailer-orvis-com-leaked-hundreds-of-internal-passwords-on-pastebin/
San Marcos city computer systems hacked. Computer systems at the city of San Marcos were hacked last
week, in an attack that has interfered with email accounts and other internal functions, but has not resulted in
data breaches, city officials said. “An external, malicious entrance to our system occurred on October 24,” city
spokeswoman Robin Rockey stated in an email Thursday. Rockey said the city doesn’t know who was
responsible for the cyber-attack, but is working with the San Diego County Sheriff’s Department, FBI and
California Joint Powers Authority Insurance to investigate it. Officials also didn’t say whether the attack
appears to be domestic or foreign. Most internal systems were affected, she said. City email accounts were
disabled, and messages sent to the city were returned with the notice “Delivery Delayed: report of hack on
San Marcos city systems.” However, she said, sensitive data wasn’t affected and there were no financial losses,
other than the time spent addressing the problem.
Source: https://www.sandiegouniontribune.com/communities/north-county/story/2019-10-31/san-marcos-city-computer-systems-hacked
Cyber-attack hits Utah wind and solar energy provider. sPower, a Utah-based renewable energy provider, is in
the unenviable position of holding two unwanted titles. First, the company is the first-ever US provider of solar
and wind renewable energy to have been the victim of a cyber-attack. Second, the company is the first US
power grid operator that is known to have lost connection with its power generation installations as a result of
a cyberattack. According to a Freedom of Information Act (FOIA) request the site filed with the Department of
Energy (copy courtesy of Cyberscoop), on March 5 of this year an attacker used a vulnerability in a
Cisco firewall to crash the device and break the connection between sPower's wind and solar power
generation installations and the company's main command center. The attack also didn't appear to be
targeted in nature. The documents reveal that the hacker didn't continue their attack nor did they breach
sPower's network following the initial exploit that crashed the unpatched firewall.
Source: https://www.zdnet.com/article/cyber-attack-hits-utah-wind-and-solar-energy-provider/
www.accumepartners.com