16 matches found
ShinyHunters Leak 33M Twilio Authy Phone Numbers, Neiman Marcus and Truist Bank Data
ShinyHunters hackers have taken responsibility for three high-profile data breaches involving Neiman Marcus, Truist Bank, and Twilio Authy,…...
A week in security (June 24 – June 30)
Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including ...
Neiman Marcus data breach affects millions
Millions of Neiman Marcus customers have had their personal and financial information exposed in a data breach. In a press release the company confirmed unauthorized access to customer online accounts. According to the press release 4.6 million customers of Neiman Marcus Group stores, specificall...
3.1M Neiman Marcus Customer Card Details Breached
Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...
neimanmarcus.com Cross Site Scripting vulnerability OBB-1342474
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
neimanmarcus.com Cross Site Request Forgery vulnerability OBB-1268827
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
neimanmarcus.com Cross Site Scripting vulnerability OBB-1225363
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
neimanmarcus.com Cross Site Scripting vulnerability
Security Researcher sshell Helped patch 2 vulnerabilities Received 0 Coordinated Disclosure badges , found a security vulnerability affecting neimanmarcus.com website and its users. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bount...
Class Action Suit Against Neiman Marcus Data Breach Revived
It turns out that Neiman Marcus, one of many retailers that announced it suffered a data breach last year, will indeed face a class action lawsuit that claims the upscale department store failed to protect its system from hackers. A decision on the case, which was initially argued in the Northern...
neimanmarcus.com XSS vulnerability
Vulnerable URL: https://www.neimanmarcus.com/en-nl/search.jsp?N=0=saledi=s=1=Ash";%0d%0a"filter""constructor" ;// Details: Description| Value ---|--- Patched:| Yes, at 30.01.2016 Latest check for patch:| 30.01.2016 21:18 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
Neiman Marcus Says 1.1M Cards Compromised in Data Breach
The attackers who penetrated the Neiman Marcus network last year were on the network for at least three months and made off with credit and debit card data belonging to 1.1 million customers. The company said that the data breach was the result of a compromise that began in mid-July and ran until...
23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware
In the previous reports of Cyber Intelligence firm 'IntelCrawler' named Sergey Tarasov, a 17-year-old teenager behind the nickname "ree4", as the developer of BlackPOS malware. BlackPOS also known as "reedum" or 'Kaptoxa' is an effective crimeware kit, used in the massive heist of possibly 110...
More details about alleged 17-year-old Russian BlackPOS Malware Author released
Security experts at IntelCrawler provided a new interesting update on BlackPOS malware author, that he forgot to delete his Social networking profile even after the last exposure from the investigators. As we have reported a few days before that the Intelligence firm IntelCrawler has identified a...
US retailer Neiman Marcus confirmed data breach after TARGET
The TARGET Hack was not the only massive Data breach that happened during the last Black Friday, but also other three major US Retailers were also hacked. Recently, Neiman Marcus also confirmed a data breach that involves Credit card theft from its customers during the holiday shopping season,...
RAM Scrapers and the Target Data Breach
The retail and hospitality industries have a painful history with wonky point-of-sale systems and malware known as RAM scrapers. These attacks, which date back as many as six years, are designed to be injected into running processes and steal payment card data before it’s encrypted by a...