An undisclosed number of customers of outdoor clothing retailer The North Face have had their passwords reset by the company, following a credential-stuffing attack. The company has revealed that on October 9, 2020, it became aware that hackers had used usernames and passwords stolen from a third-party website to gain unauthorised access to customer accounts.
The number of successful ransomware attacks on the education sector increased 388% in the third quarter of 2020. According to Emsisoft, the education sector reported 31 ransomware incidents in Q3 2020. That’s a 388% increase over the 8 incidents that occurred in the previous quarter. Nine of the 31 ransomware attacks disclosed in the third quarter of the year involved data exfiltration, a tactic which has become common with ransomware gangs over the past year.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24. We do our best to avoid falling for a scammer, but the lure of yummy comfort goodies, especially with the pandemic’s toll on our lives, may be just the one step too far.
“TroubleGrabber” is a new credential stealer that is being spread through Discord attachments and uses Discord messages to communicate stolen credentials back to the attacker. While it bears some functional similarity to AnarchyGrabber, it is implemented differently and does not appear to be linked to the same group. TroubleGrabber is written by an individual named “Itroublve” and is currently used by multiple threat actors to target victims on Discord.
Securing your cloud environment effectively is no easy task. What cloud security issues should you be prepared for? What are the most serious security risks? Which best practices are most effective at keeping your data safe? In this article, we will explore the two primary cloud models and the principal security concerns you will face when using each model.
Scalper bots, also known as inventory hoarding bots, are the bots that thrive on supply and demand. These malicious bots are used to target merchandise that is typically in high demand or limited supply, buying it and selling it on for a tidy profit. The key thing here is that scalper bots can make purchases extraordinarily quickly, much faster than any genuine user can.
No one could have predicted how 2020 would unfold, particularly for the retail industry. While some high street stores, including major brands, have been forced to close, other retailers have navigated surges of consumers heading online and fueling the eCommerce industry like never before. The holiday period is vital for retailers, with trading figures from November to December able to make or break a business’s annual profit margin.
Bulletproof has released its Annual Cyber Security Industry Report 2021, where we look at the security challenges facing businesses in 2021 and discover what organisations can do to stay ahead of the hackers. In this blog we highlight 4 key findings from the report and explore what they mean for businesses’ security in 2021 and beyond.
On September 29, 2020, the U.S. Department of Defense (DoD) released an interim rule titled Assessing Contractor Implementation of Cybersecurity Requirements (Defense Federal Acquisition Regulation Supplement (DFARS) Case 2019-D041). The rule amends the DFARS, and at the same time, implements the DoD Cybersecurity Maturity Model Certification (CMMC) program.