HackDig : Dig high-quality web security articles for hackers

Thousands of Magento stores hacked in a few days in largest-ever skimming campaign

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign. Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites were running Magento
Publish At:2020-09-14 18:20 | Read:125 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware exploit code infor

Warner Music Group online stores hit by look-like Magecart attack

Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial inform
Publish At:2020-09-04 12:21 | Read:114 | Comments:0 | Tags:Breaking News Data Breach Hacking hacking news information s

Hackers use e-skimmer that exfiltrates payment data via Telegram

Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment d
Publish At:2020-09-02 12:30 | Read:199 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware e-skimming hacking

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range from compromis
Publish At:2020-09-01 16:25 | Read:137 | Comments:0 | Tags:Web threats credit card credit card skimmer credit card skim

Homoglyph attacks used in phishing campaign and Magecart attacks

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatt
Publish At:2020-08-09 07:37 | Read:233 | Comments:0 | Tags:Breaking News Hacking e-skimmer Homoglyph attacks informatio

Inter skimming kit used in homoglyph attacks

As we continue to track web threats and credit card skimming in particular, we often rediscover techniques we’ve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especially in phishing scams with IDN homograph attacks. Th
Publish At:2020-08-06 16:20 | Read:338 | Comments:0 | Tags:Threat analysis credit card skimming homoglyph Inter kit Mag

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:337 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals. These sites all appear to have been built using Click2Gov, a web-based platform meant for use by
Publish At:2020-06-29 20:10 | Read:336 | Comments:0 | Tags:Bad Sites Malware Click2Gov local government Magecart

Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files

They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had described in a previous blog. However, it turned out to be diff
Publish At:2020-06-25 16:41 | Read:232 | Comments:0 | Tags:Threat analysis EXIF Magecart metadata skimmers skimming

Accessories giant Claire’s is the victim of a Magecart attack, credit card data exposed

Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data. Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained acce
Publish At:2020-06-15 07:15 | Read:355 | Comments:0 | Tags:Breaking News Hacking Malware credit card e-skimmer hacking

Lock and Code S1Ep7: Sounding the trumpet on web browser privacy with Pieter Arntz

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher at Malwarebytes, about web browser privacy—an often neglected subcategory of data privacy. Without the proper restrictions, browsers can allow web trackers to follow
Publish At:2020-05-26 14:44 | Read:370 | Comments:0 | Tags:Malwarebytes news Podcast Android spyware bec best MSP pract

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some fairly simple and others more elaborate. The goal
Publish At:2020-05-18 13:43 | Read:420 | Comments:0 | Tags:Threat analysis ants and cockroach credit car credit card sk

Online credit card skimming increased by 26 percent in March

Criminals are known to take advantage of events that capture people’s attention. This is true for any kind of attack that relies on social engineering, such as the phishing emails exploiting the Covid-19 pandemic. Certain events such as the current crisis not only get the attention of threat actors but they also lead to changes in habits. Case in po
Publish At:2020-04-08 13:53 | Read:638 | Comments:0 | Tags:Cybercrime coronavirus covi Magecart shopping skimmers skimm

Magecart group 7 use new e-skimmer to steal payment data

RiskIQ researchers spotted a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites. Researchers from security firm RiskIQ have uncovered a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites to steal customers’ payment card data. The experts discovered a new s
Publish At:2020-04-04 15:17 | Read:517 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime hacking

Criminals hack Tupperware website with credit card skimmer

On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered. Threat actors compromised the official tupperware[.]com site—which averages close to 1 millio
Publish At:2020-03-25 14:34 | Read:658 | Comments:0 | Tags:Hacking credit card Magecart skimmer skimming steganography

Tools

Tag Cloud