Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud...

EUVD-2014-5760

Malware in sbrugna...

Malicious code in test-mlw2-mikra-sears-jarks-hollo (npm)

The package test-mlw2-mikra-sears-jarks-hollo was found to contain malicious code...

sears.com.mx Cross Site Scripting vulnerability OBB-1290861

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Vendor Risk Bites Sears, Delta and Best Buy, while Saks, Lord & Taylor Deal With Breach

Data breaches dominated the cyber security headlines last week, as Sears, Delta, Best Buy, Saks, and Lord & Taylor all found themselves in the news. Sears, Delta and Best Buy: Another vendor risk incident What do retail giant Sears Holdings, consumer electronics chain Best Buy and Delta Air Lines...

Impact Of Chat Service Breach Expands To Best Buy, Kmart

The number of companies coming forward as victims of a data breach – that potentially exposed hundreds of thousands of credit card payment information – has expanded to include Best Buy and Kmart. Last week, software service provider 247.ai, a company that provides online chat services for Delta,...

Credit Card Breach at Kmart Stores. Again.

For the second time in less than three years, Kmart Stores is battling a malware-based security breach of its store credit card processing systems. Last week I began hearing from smaller banks and credit unions who said they strongly suspected another card breach at Kmart. Some of those...

sears.com XSS vulnerability

Vulnerable URL: http://www.sears.com/search=pitbull%20fragrance?catalogId=12605=storeOrigin=BeautyFragrance=NEWEST=10153'-alert/XSSPOSED/-' Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

searsfinancial.ca XSS vulnerability

Vulnerable URL: http://searsfinancial.ca/SearchResults.aspx?searchStr=%3Cscript%3Ealert%28%22XSSPOSED%22%29%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 17:37 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclose...

CVE-2014-5873

The Sears aka com.sears.android application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The Sears aka com.sears.android application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5873

The Sears aka com.sears.android application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5873

The CVE-2014-5873 entry relates to the Sears Android app (package com.sears.android) version 6.2.8 failing to verify X.509 certificates for SSL connections. This certificate validation bypass enables potential MITM attackers to spoof servers and exfiltrate sensitive information via a crafted cert...