The American Payroll Association just notified its members that it has suffered a breach. Threat actors installed skimming malware on both the login web page of the APA website and the checkout section of the association’s online store by exploiting a vulnerability in the APA’s content management system. It was discovered around July 13, but before it could be removed unauthorized individuals gained access to information including first and last names, email address, job title/role, primary job function, company structure, gender; date of birth, address (either business or personal), including country, province or state, city, and postal code, company name and size, industry details, and the types of payroll and attendance software used at the member’s company.
From Bleepingcomputer.com: Adobe’s Magento platform experienced a nasty skimming attack last weekend that compromised almost 2,000 online stores this with MageCart malware to steal credit cards. Over 1500 sites in total were hacked. The hacked shops were using Magento version 1, which is now end of life.
From Bleepingcomputer.com: Staples has notified some customers of a cybersecurity incident that occurred earlier this month around 9/02 and consisted of unauthorized access to a system. Little information is available, but the event. The letter notes that “a limited amount” of order data for customers of Staples.com was obtained, and may contain names, addresses, email addresses, phone numbers, last four credit card digits, details about the order (delivery, cost, product), and other non-sensitive information.
Lafayette city officials announced they were hit with a ransomware attack on July 27th.
The attack disabled network services causing city emails, phones, online payments and reservation systems to be affected. A ransom of $45,000 was paid to retrieve the key and unlock the encrypted data.
A preliminary investigation shows the ransomware entered the city’s network through a phishing scam or brute force attack, and looks to be random.
See the city’s statement on the outage here.
On July 23rd, 2020, Garmin suffered a worldwide outage where customers could not access their connected services, including the Garmin Connect, flyGarmin, Strava, inReach solutions.
After a four day outage Garmin confirmed they were restoring services. It is assumed that Garmin paid a 10 million dollar ransom to recover their data as there are no known weaknesses in the wastedlocker ransomware. Garmin has not commented further at this time to either confirm or deny the ransomware payment.
For further information read the article posted by bleeping computer.