Search results for: Magecart

More than 2 million cyber incidents in 2018 created $45 billion in losses

The financial impact of ransomware rose by 60%, losses from business email compromise (BEC) doubled, and cryptojacking incidents more than tripled, all despite the fact that overall breaches and exposed records were down in 2018, according to Internet Society’s Online Trust Alliance (OTA). The data shows that cybercriminals are getting better at monetizing their activities, with OTA estimating the more than 2 million cyber incidents in 2018 resulted in over $45 billion in losses, with … More

British Airways is facing £183 million fine for 2018 data breach

The UK Information Commissioner’s Office (ICO) wants British Airways to pay a £183.39 million (nearly $230 million) fine for failing to protect personal and financial information of approximately 500,000 of its customers. The company, which is part of the International Airlines Group (IAG), intends to appeal the decision. The breach that prompted the fine: In early September 2018 (and a few months after the EU GDPR became enforceable), British Airways announced that its website and … More

Supply chain attacks: Mitigation and protection

In software development, a supply chain attack is typically performed by inserting malicious code into a code dependency or third-party service integration. Unlike typical cyber attacks, supply chain attacks provide two major advantages to attackers. Firstly, a single supply chain attack can target multiple companies at once (since multiple companies use the same code dependencies and third-party scripts); as such, the potential return of investment of the attack is higher. Secondly, and unlike common cyber … More

CISO’s guide to an effective post-incident board report

A successful cyberattack is undoubtedly one of the most disruptive events an organization can experience. Whether it’s phishing, DDoS, ransomware or SQL injection, the incident often results in major service failures and potentially massive revenue loss, as well as damage to brand reputation and customer trust. As CISO, you are charged not just with overseeing the response and mitigation processes post-breach but also with assembling all relevant information in a post-incident report to the board. … More

Most Magento shops get compromised via vulnerable extensions

Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to … More

Cybercriminals increasingly taking aim at businesses

2018 has been the year when cryptominers first dethroned ransomware as the most prevalent threat due to a meteoric spike in Bitcoin value in late 2017, then slowly trailed off when it began to nosedive. It’s also been the year of the mega breach (Facebook, Marriott, MyHeritage, Quora, etc.), the year when extortionists and sextortionists began increasingly capitalizing on stale PII from old breaches, and the year when malicious spam replaced exploits as the favorite … More

Week in review: SD-WAN deployment, security DevOps, a new taxonomy for SCADA attacks

Here’s an overview of some of last week’s most interesting news and articles: Compromised ad company serves Magecart skimming code to hundreds of websites: The attackers managed to compromise Adverline, a French online advertising company with a European-focused clientele, and inject payment card skimming code into one of its JavaScript libraries for retargeting advertising. Strategies for expertly protecting industrial control systems: Andrew Ginter is the Vice President of Industrial Security at Waterfall Security Solutions. We … More

Compromised ad company serves Magecart skimming code to hundreds of websites

Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to compromise Adverline, a French online advertising company with a European-focused clientele, and inject payment card skimming code into one of its JavaScript libraries for retargeting advertising. The targets: “Web-based supply chain attacks compromise vendors that supply code often used to add or improve site functionality. This code integrates with … More

McAfee researchers analyze cybercriminal markets, reveal tactics, targets

McAfee released its McAfee Labs Threats Report: December 2018, examining activity in the cybercriminal underground and the evolution of cyber threats in Q3 2018. McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting IoT devices. “Cybercriminals are eager to weaponize vulnerabilities both new and old, and the number of services now available on underground markets has dramatically increased their effectiveness,” said Christiaan Beek, lead scientist at … More

Losses from online payment fraud to reach $48 billion annually

A new study from Juniper Research has found that annual online payment fraud losses from eCommerce, airline ticketing, money transfer and banking services, will reach $48 billion by 2023; up from the $22 billion in losses projected for 2018. Juniper’s new research, Online Payment Fraud: Emerging Threats, Segment Analysis & Market Forecasts 2018-2023, claimed that a critical driver behind these losses will be the continued high level of data breaches resulting in the theft of … More

The holiday season and cybercrime: 8 ways to protect yourself

The holiday season has become an unbridled online spending extravaganza, and threat actors have taken notice. For shoppers, what starts out as an attempt to fulfill their holiday shopping checklist for pennies on the dollar can turn into a financial nightmare. For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust between them and their customers and prospects. Cyber Monday 2017 was the largest … More

Week in review: Vaporworms, DevOps roadmap for security, ethical data management

Here’s an overview of some of last week’s most interesting news and articles: Cybersecurity and ethical data management: Getting it right: Laura Norén, director of research at Obsidian Security and a sociologist with an interest in the social impact of technology and the ethics of data science, explains that there are four typical ethical considerations that come up in data-saturated projects. Reported breaches in the first 9 months of 2018 exposed 3.6 billion records: The … More