HackDig : Dig high-quality web security articles for hacker

Criminals hack Tupperware website with credit card skimmer

On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered. Threat actors compromised the official tupperware[.]com site—which averages close to 1 millio
Publish At:2020-03-25 14:34 | Read:191 | Comments:0 | Tags:Hacking credit card Magecart skimmer skimming steganography

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

The online guitar tutoring website TrueFire was compromised by hackers in a classic Magecart style attack that exposed customers’ payment card data. The popular online guitar tutoring website TrueFire has suffered a ‘Magecart‘ style security breach that might have exposed customers’ personal information and payment card data. T
Publish At:2020-03-18 05:49 | Read:270 | Comments:0 | Tags:Breaking News Cyber Crime Hacking credit card information se

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim
Publish At:2020-03-10 12:32 | Read:315 | Comments:0 | Tags:Threat analysis HTTPS JavaScript Magecart skimmer skimming C

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon’s Cloudfront content delivery network (CDN) via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and hiding their tracks—another reason to keep watchful eye o
Publish At:2020-02-26 13:26 | Read:194 | Comments:0 | Tags:Threat analysis cdn content delivery network credit card dat

Uncovering New Magecart Implant Attacking eCommerce

Security expert Marco Ramilli shared the results of an analysis of a skimmer implant spotted in the wild that could be potentially linked to Magecart group. If you are a credit card holder, this post could be of your interest. Defending our financial assets is always one of the top priorities in the cybersecurity community but, on the other side of the co
Publish At:2020-02-19 12:18 | Read:317 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware credit cards Cyber

Fintech security: the challenges and fails of a new era

“I have no idea how this app from my bank works, and I don’t trust what I don’t understand.” Josh is not an old curmudgeon or luddite. He’s 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It’s not that he doesn’t trust his bank. He doesn’t trust him
Publish At:2020-02-05 16:55 | Read:360 | Comments:0 | Tags:Vital infrastructure cryptocurrency finacials fintech gdpr g

6 ways hackers are targeting retail businesses

Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019, and they’ve lost over $30 billion to cybersecurity attacks. Both brick-and-mortar and online businesses experience retail hacking. Cybercriminals must often work harder to
Publish At:2020-01-08 16:50 | Read:441 | Comments:0 | Tags:Web threats credential stuffing EMV technology Magecart near

New evasion techniques found in web skimmers

For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart. It took some major incidents, notably t
Publish At:2020-01-02 16:50 | Read:587 | Comments:0 | Tags:Threat analysis credit card Magecart skimmer steganography w

Hundreds of counterfeit online shoe stores injected with credit card skimmer

There’s a well-worn saying in security: “If it’s too good to be true, then it probably isn’t.” This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer. Allured by great deals on brand names, many people end up buying products on
Publish At:2019-12-10 16:50 | Read:613 | Comments:0 | Tags:Threat analysis counterfeit credit card fraud Magecart shoes

There’s an app for that: web skimmers found on PaaS Heroku

Criminals love to abuse legitimate services—especially platform-as-a-service (Paas) cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub. Later on in June, we observed a vast campaign where skimming
Publish At:2019-12-04 16:50 | Read:662 | Comments:0 | Tags:Web threats app apps credit card heroku Magecart paas skimme

Web skimmer phishes credit card data via rogue payment service platform

Heading into the holiday shopping season, we have been tracking increased activity from a threat group registering domains for skimming and phishing campaigns. While most of the campaigns implemented a web skimmer in the typical fashion—grabbing and exfiltrating data from a merchant’s checkout page to an attacker-controlled server—a new attack scheme h
Publish At:2019-11-21 16:50 | Read:615 | Comments:0 | Tags:Web threats holiday shopping Magecart payment gateway servic

A week in security (October 28 – November 3)

Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSI on disaster donation scams, looked at the top cybersecurity challenged SMBs face, and provided guidance to journalists on how they can defend t
Publish At:2019-11-11 23:20 | Read:824 | Comments:0 | Tags:A week in security Adobe Creative Cloud advanced persistent

A week in security (October 21 – 27)

Last week on Malwarebytes Labs, we explored a link between Magecart Group 5 and the Carbanak APT, we discussed the growing rate of robocalls threatening user privacy, and we tipped you off on how to protect yourself from doxing. We were glad to see the BBC raise awareness about stalkerware, much like we did a few weeks ago. Other cybersecurity news
Publish At:2019-10-28 16:50 | Read:890 | Comments:0 | Tags:Week in security avast ccleaner doxing edps Magecart NordVPN

The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT

This blog post was authored by Jérôme Segura, William Tsing, and Adam Thomas. In a previous post, we described the possible overlap between certain domains registered by Magecart Group 4 and the Cobalt gang. While attribution is always a difficult endeavor, sharing TTPs can help others to connect the dots between campaigns observed in the wild and threat
Publish At:2019-10-22 11:20 | Read:778 | Comments:0 | Tags:Threat analysis advanced persistent threats APTs attribution

FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops

We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. Our data shows that the attack started on September 7, 2019. All of the impacted online shops are hosted on the cloud platform of the e-commerce service provider “Volusion,” one of the top e-commerce platforms in the market.
Publish At:2019-10-09 22:00 | Read:784 | Comments:0 | Tags:Bad Sites Malware credit card ecommerce FIN6 Magecart Skimme

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud