HackDig : Dig high-quality web security articles for hackers

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:143 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals. These sites all appear to have been built using Click2Gov, a web-based platform meant for use by
Publish At:2020-06-29 20:10 | Read:119 | Comments:0 | Tags:Bad Sites Malware Click2Gov local government Magecart

Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files

They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had described in a previous blog. However, it turned out to be diff
Publish At:2020-06-25 16:41 | Read:74 | Comments:0 | Tags:Threat analysis EXIF Magecart metadata skimmers skimming

Accessories giant Claire’s is the victim of a Magecart attack, credit card data exposed

Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data. Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained acce
Publish At:2020-06-15 07:15 | Read:133 | Comments:0 | Tags:Breaking News Hacking Malware credit card e-skimmer hacking

Lock and Code S1Ep7: Sounding the trumpet on web browser privacy with Pieter Arntz

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher at Malwarebytes, about web browser privacy—an often neglected subcategory of data privacy. Without the proper restrictions, browsers can allow web trackers to follow
Publish At:2020-05-26 14:44 | Read:184 | Comments:0 | Tags:Malwarebytes news Podcast Android spyware bec best MSP pract

Credit card skimmer masquerades as favicon

Malware authors are notorious for their deceptive attempts at staying one step ahead of defenders. As their schemes get exposed, they always need to go back to their bag of tricks to pull out a new one. When it comes to online credit card skimmers, we have already seen a number of evasion techniques, some fairly simple and others more elaborate. The goal
Publish At:2020-05-18 13:43 | Read:277 | Comments:0 | Tags:Threat analysis ants and cockroach credit car credit card sk

Online credit card skimming increased by 26 percent in March

Criminals are known to take advantage of events that capture people’s attention. This is true for any kind of attack that relies on social engineering, such as the phishing emails exploiting the Covid-19 pandemic. Certain events such as the current crisis not only get the attention of threat actors but they also lead to changes in habits. Case in po
Publish At:2020-04-08 13:53 | Read:519 | Comments:0 | Tags:Cybercrime coronavirus covi Magecart shopping skimmers skimm

Magecart group 7 use new e-skimmer to steal payment data

RiskIQ researchers spotted a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites. Researchers from security firm RiskIQ have uncovered a new ongoing Magecart campaign that already compromised at least 19 different e-commerce websites to steal customers’ payment card data. The experts discovered a new s
Publish At:2020-04-04 15:17 | Read:399 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cybercrime hacking

Criminals hack Tupperware website with credit card skimmer

On March 20, Malwarebytes identified a targeted cyberattack against household brand Tupperware and its associated websites that is still active today. We attempted to alert Tupperware immediately after our discovery, but none of our calls or emails were answered. Threat actors compromised the official tupperware[.]com site—which averages close to 1 millio
Publish At:2020-03-25 14:34 | Read:502 | Comments:0 | Tags:Hacking credit card Magecart skimmer skimming steganography

TrueFire Guitar tutoring website was hacked, financial data might have been exposed

The online guitar tutoring website TrueFire was compromised by hackers in a classic Magecart style attack that exposed customers’ payment card data. The popular online guitar tutoring website TrueFire has suffered a ‘Magecart‘ style security breach that might have exposed customers’ personal information and payment card data. T
Publish At:2020-03-18 05:49 | Read:617 | Comments:0 | Tags:Breaking News Cyber Crime Hacking credit card information se

Rocket Loader skimmer impersonates CloudFlare library in clever scheme

Fraudsters are known for using social engineering tricks to dupe their victims, often times by impersonating authority figures to instill trust. In a recent blog post, we noted how criminals behind Magecart skimmers mimicked content delivery networks in order to hide their payload. This time, we are looking at a far more clever scheme. This latest skim
Publish At:2020-03-10 12:32 | Read:517 | Comments:0 | Tags:Threat analysis HTTPS JavaScript Magecart skimmer skimming C

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon’s Cloudfront content delivery network (CDN) via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and hiding their tracks—another reason to keep watchful eye o
Publish At:2020-02-26 13:26 | Read:335 | Comments:0 | Tags:Threat analysis cdn content delivery network credit card dat

Uncovering New Magecart Implant Attacking eCommerce

Security expert Marco Ramilli shared the results of an analysis of a skimmer implant spotted in the wild that could be potentially linked to Magecart group. If you are a credit card holder, this post could be of your interest. Defending our financial assets is always one of the top priorities in the cybersecurity community but, on the other side of the co
Publish At:2020-02-19 12:18 | Read:582 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware credit cards Cyber

Fintech security: the challenges and fails of a new era

“I have no idea how this app from my bank works, and I don’t trust what I don’t understand.” Josh is not an old curmudgeon or luddite. He’s 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It’s not that he doesn’t trust his bank. He doesn’t trust him
Publish At:2020-02-05 16:55 | Read:553 | Comments:0 | Tags:Vital infrastructure cryptocurrency finacials fintech gdpr g

6 ways hackers are targeting retail businesses

Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019, and they’ve lost over $30 billion to cybersecurity attacks. Both brick-and-mortar and online businesses experience retail hacking. Cybercriminals must often work harder to
Publish At:2020-01-08 16:50 | Read:709 | Comments:0 | Tags:Web threats credential stuffing EMV technology Magecart near

Announce

Share high-quality web security related articles with you:)

Tools