Search results for: Magecart

lock

Most global brands fail to implement security controls to prevent data leakage and theft

The global pandemic has seen the web take center stage. Banking, retail and other industries have seen large spikes in web traffic, and this trend is expected to become permanent. Global brands fail to implement security controls As attackers ramp up efforts to exploit this crisis, a slew of high-profile attacks on global brands and record-breaking fines for GDPR breaches have had little impact on client-side security and data protection deployments. There’s a troubling lack … More

structure

Week in review: MongoDB attacks, hackers hitting F5 BIG-IP, Citrix devices, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles and reviews: Attackers are probing Citrix controllers and gateways through recently patched flaws SANS ISC’s Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot (set up to flag CVE-2020-5902 exploitation attempts). Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all Attackers are bypassing a mitigation for the BIG-IP … More

online shop owned

Magecart Group 8 skimmed card info from 570+ online shops

Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group (aka Magecart Group 8) since April 1, 2017. Magecart Group 8’s modus operandi and targets The list of the online shops hit by the criminals has been released by researchers from Gemini Advisory, who managed to compile it after gaining access to the group’s dedicated attack … More

Magento

Magento 1 reaches EOL: Merchants urged to upgrade or risk breaches, falling out of PCI DSS compliance

When Adobe released security updates for Magento last week, it warned that the Magento 1.x branch is reaching end-of-life (EOL) and support (EOS) on June 30, 2020, and that those were the final security patches available for Magento Commerce 1.14 and Magento Open Source 1. Unfortunately, there are still too many (over 100,000) active Magento 1.x installations. The company is urging their owners and admins to migrate to Magento 2.x or risk being hit once … More

vectors

Week in review: DDoS attack trends, WannaCry lessons, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles: Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack 19 vulnerabilities – some of them allowing remote code execution – have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT and OT devices deployed by organizations in a wide variety of industries and sectors. Data Protection Officer independence: Ethical and practical considerations In … More

online shop owned

Magecart attackers hit Claire’s, Intersport web shops

Magecart attackers have compromised web shops belonging to large retail chains Claire’s and Intersport and equipped them with payment card skimmers. Claire’s The compromise of Claire’s online store and that of its sister brand Icing has been flagged by Sansec researchers. The skimmer was served from a domain made to look like it might belong to the company (claires-assets.com), and it was added to the two online stores between April 25th and 30th. “The malware … More

gap

What is the true extent of the modern corporate digital attack surface?

RiskIQ released a report analyzing the company’s internet-wide telemetry and massive internet data collection to reveal the true extent of the modern corporate digital attack surface. Digital attack surface challenges “Today, organizations are responsible for defending not only their internal network but also their digital presence across the internet and the cloud,” said Lou Manousos, CEO, RiskIQ. “Bringing the massive scope of an organization’s attack surface into focus helps frame the challenges of extending cybersecurity … More

Akamai launches a new in-browser threat detection solution that uncovers compromised scripts

Akamai, the intelligent edge platform for securing and delivering digital experiences, announced the launch of Page Integrity Manager, an in-browser threat detection solution designed to uncover compromised scripts that could be used to steal user data or impact the user experience. Initially popularized by Magecart groups, and now being leveraged by other threat actors, the attack vector of malicious web page scripts is growing and has become a frequent source of data breaches. A typical … More

Cymatic announces first year customer milestones

Cymatic released data marking its first year of successful customer engagements since its debut in 2019. Cymatic’s next-generation all-in-one web application defense platform, CymaticONE—the only unified web application defense that deploys at the client through a simple line of JavaScript without agents, cookies, or proxies—was released last year in the run-up to BlackHat. Since that time, the company has: Successfully completed more than two dozen installations in less than an hour Deployed 78% of those … More

EasyJet

EasyJet data breach: 9 million customers affected

British low-cost airline group EasyJet has revealed on Tuesday that it “has been the target of an attack from a highly sophisticated source” and that it has suffered a data breach. The result? Email address and travel details of approximately 9 million customers and credit card details (including CVV numbers) of 2,208 customers were accessed. How did the attackers manage to breach EasyJet? EasyJet did not share in their official notice about the incident when … More

innovation

Week in review: Kali Linux 2020.2, sensor-based ransomware detection, 10 most exploited vulns

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Have you patched these top 10 routinely exploited vulnerabilities? The US Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to patch a slew of old and new software vulnerabilities that are routinely exploited by foreign cyber actors and cyber criminals. Kali Linux 2020.2: New look, new packages, new installer options Offensive Security has released Kali Linux 2020.2, the latest iteration … More

bomb

Debunking myths related to client-side security and Magecart attacks

The client-side landscape has been overrun by third-party script attacks executed by malicious attackers utilizing formjacking or other methods made famous by the Magecart attack group. Many companies assume their current security stack ensures protection for these seemingly basic attacks, but in reality, they open a can of worms and you may not even know you’ve been attacked. Take a read below to see some of the common misconceptions regarding client-side protection, these dedicated threats … More