Search results for: Magecart

The ripple effect: Why protection against supply chain attacks is a must

The SolarWinds attack continues to send ripples across the world of cybersecurity. For the uninitiated, this form of cyber attack was like a gradual spread of poison, and its fallout proved to be massive – starting with national (US) security concerns that Russia might have been involved and ending up with President Biden issuing an Executive Order on improving the nation’s cybersecurity, followed closely by similar efforts by the UK government. Whether or not it … More

Small businesses urged to protect their customers from card skimming

With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming cyber criminals. As part of NCSC’s Active Cyber Defence programme, the organization has already notified this year 4,151 small businesses that their sites have been compromised to steal customers’ payment details, and is now advising the rest to be on the alert. Online shops and card skimming: The … More

Week in review: Intel chip flaw, shedding light on hidden root CAs, Emotet stages a comeback

Here’s an overview of some of last week’s most interesting news, articles and interviews: Researchers shed light on hidden root CAs How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months’ worth of certificate data from volunteer users and analyzed certificate … More

10,000+ websites and apps are vulnerable to Magecart

Some of the world’s largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500, Global 500 and governments are failing to prevent Magecart attacks, Cyberpion research revealed. Magecart is the common name for a style of cyber attack in which hackers compromise third party code (typically Javascript that runs in browsers) to steal, or scrape, information such as credit card data from web-applications (e.g. online checkout software) or websites that incorporate … More

Most Fortune 500 companies’ external IT infrastructure considered at risk

Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, Cyberpion research reveals. External IT infrastructure and assets at risk 73% of Fortune 500 companies’ total IT infrastructure is external to the organization, of which 24% is considered at risk or has a known vulnerability The total IT … More

Adobe fixes security holes in Magento, most of which are critical

Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect. Magento August 2021 security updates Magento is a popular open-source e-commerce platform. Websites underpinned by Magento are infamously targeted by the (collectively named) Magecart cyber criminal groups, compromised and equipped with payment card skimmers. Adobe has released updates for Magento Commerce and Magento Open Source editions, fixing 26 CVE-numbered vulnerabilities, most of which are critical. Among these are a number of bugs … More

Where does the SME fit into a supply chain attack?

“No business is an island, entire of itself” (with apologies to John Donne). Businesses have connections to other businesses, who supply them with goods, and whom they supply with goods – both parts and software. These connections are known as the supply chain. It can be long and convoluted and has become a favoured attack vector for cybercriminals. In many cases, a company has its own supply chain while simultaneously being part of the supply … More

Hackers are leveling up and catching healthcare off-guard

Remember when ransomware operators promised last year not to attack hospitals under siege from COVID-19? Unfortunately, that didn’t happen: hospitality, entertainment, and retail locations were all shut down as COVID-19 spread, leaving ne’er-do-wells to look at industries that were still open for business. When attacking the healthcare industry, hackers are going beyond focusing on data exfiltration or leaking patient records. The focus is to totally disrupt health systems operations with ransomware that locks up electronic … More

Source Defense collaborates with Prevalent to mitigate third-party risks to client-side web applications

Source Defense announced its partnership with Prevalent to identify threats and protect online businesses against automated and client-side attacks exploiting third-party code and website access. Prevalent and Source Defense’s joint solution offers deeper visibility on the true array of code and vendor relationships powering websites, with automated policy enforcement and remediation features to defeat malicious activity and prove regulatory compliance. As client-side threats such as Magecart and formjacking attacks continue to victimize websites across industries, … More

Week in review: PHP supply chain attack, common zero trust traps, hardening CI/CD pipelines

Here’s an overview of some of last week’s most interesting news and articles: Attackers tried to insert backdoor into PHP source code The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. The growing threat to CI/CD pipelines By hardening CI/CD pipelines and addressing security early in the development process, developers can deliver software faster and more securely. DDoS attacks in 2021: What to … More

Mobile providers exposing sensitive data to leakage and theft

Data exposure is a significant, unaddressed problem for Europe’s top mobile providers and, by extension, more than 253 million customers who sign up for their services and share sensitive personal data, according to research by Tala Security. Mobile providers are exposing sensitive data Sensitive data is at significant risk via form data exposure: Forms used to capture credentials, banking details, passport numbers, etc., are exposed to an average of 19 third-parties. Without control, this sensitive … More

93% of consumers concerned about data security when filling out online forms

Source Defense provides in-depth analysis of the client-side threat landscape and specific attacks like formjacking, Magecart and web browser threats. The research offers a rare window on web security sentiments for a population relying almost exclusively on websites for all manner of shopping, healthcare, financial services and other essential needs during the pandemic. Key findings 93% of consumers are concerned about data security when filling out online forms 91% said that brands requiring consumers to … More