5M credit cards leaked and Chrome kicks cryptojacking to the curb

Avast Security News Team, 6 April 2018

Saks suffers data breach of 5M credit cards and Chrome forbids cryptomining extensions

Fashion faux pas: Data breach at Saks Fifth Avenue and Lord & Taylor

Toronto-based retail enterprise Hudson’s Bay — parent company to Saks Fifth Avenue, Saks OFF Fifth, and Lord & Taylor — disclosed on Sunday that no fewer than five million of its customers may have suffered credit card compromises in a data breach that occurred last May.

Hudson’s Bay admitted the breach after New York cybersecurity firm Gemini Advisory reported that crime ring Joker’s Stash has been selling the stolen card info on the dark web for almost a full year. Only credit cards used to pay in-store were compromised, claims Hudson’s Bay, stating that its online shopping platforms were not breached.

If you’re worried you may have been affected by this data theft, read the company’s statement or call their customer service at 855-270-9187.

Google shuts down cryptojacking

The Google Chrome browser allowed extensions that performed consensual cryptomining . . . up until yesterday. The company historically has had no problem with cryptomining as long as the user agreed to it, but they report a dramatic rise in malicious extensions over the last few months that covertly mine without the user’s knowledge or approval.

Nonconsensual cryptomining is known as cryptojacking, as the process essentially hijacks the computer’s or device’s CPU power. Prolonged mining can damage the system through overheating.

Too many mining scripts submitted by developers — about 90%, states Google — sidestep Chrome’s policies on cryptomining. For this reason, the company has decided not to allow it in any form, consensual or non. Any newly submitted mining extensions will be immediately rejected, and all current ones will be phased out completely by June.

Intel announces it cannot fix Spectre V2

Earlier this year, we reported on the Spectre vulnerability, a design flaw in processing chips used by most computers in the world. When exploited, the flaw can “trick” your system into leaking sensitive data.

After puzzling over it for several months, Intel has now announced that it won’t be able to correct Variant 2 of the Spectre flaw in some of its processors, as the problem is inherent in the chips’ physical architecture. The company has ceased production on the flawed chips, which encompass nine of its chip “families.” The problem chips were sold between 2007 and 2011.

US puts $380M towards election cybersecurity

Congress passed a spending bill in March that includes a fund of $380M to be meted out amongst all US states and territories to bolster election security. The Election Assistance Commission will dole out a base of $3M to each state, plus additional funds based on population. Each US territory (Guam, Puerto Rico, US Virgin Islands, American Samoa) will receive $600,000.

The bill mandates that the states and territories put the funds towards upgrades that will make election results more reliable, and they have 90 days to draft their security-improvement proposals. It is unclear whether any of the system improvements can be set in place in time for the 2020 presidential election, let alone the 2018 midterm elections, but the Department of Homeland Security has qualified current election infrastructure as vulnerable and “a national security concern.”
