HackDig : Dig high-quality web security articles for hackers

Demystifying two common misconceptions with e-commerce security

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual scams but also digital skimming, the online equivalent of credit
Publish At:2020-11-20 12:42 | Read:113 | Comments:0 | Tags:Cybercrime e-commerce HTTPS iframe Magecart merchant padlock

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesn’t happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No, we often learn about cybersecurity issues because of
Publish At:2020-10-12 13:05 | Read:265 | Comments:0 | Tags:Podcast ai software disinformation fullz house healthcare im

Credit card skimmer targets virtual conference platform

We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others. In today’s case, the targeted websites all reside on the
Publish At:2020-10-08 19:23 | Read:229 | Comments:0 | Tags:Malwarebytes news Inter Magecart skimmer

Mobile network operator falls into the hands of Fullz House criminal group

Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happened to be vulnerable. Today we take a quick look at a mobile operator who offers cell phone plans to its customers. Their website lets you shop
Publish At:2020-10-05 17:17 | Read:404 | Comments:0 | Tags:Malwarebytes news credit card fullz house Magecart skimmer

Thousands of Magento stores hacked in a few days in largest-ever skimming campaign

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign. Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites were running Magento
Publish At:2020-09-14 18:20 | Read:354 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware exploit code infor

Warner Music Group online stores hit by look-like Magecart attack

Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial inform
Publish At:2020-09-04 12:21 | Read:350 | Comments:0 | Tags:Breaking News Data Breach Hacking hacking news information s

Hackers use e-skimmer that exfiltrates payment data via Telegram

Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment d
Publish At:2020-09-02 12:30 | Read:483 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware e-skimming hacking

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range from compromis
Publish At:2020-09-01 16:25 | Read:353 | Comments:0 | Tags:Web threats credit card credit card skimmer credit card skim

Homoglyph attacks used in phishing campaign and Magecart attacks

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatt
Publish At:2020-08-09 07:37 | Read:487 | Comments:0 | Tags:Breaking News Hacking e-skimmer Homoglyph attacks informatio

Inter skimming kit used in homoglyph attacks

As we continue to track web threats and credit card skimming in particular, we often rediscover techniques we’ve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especially in phishing scams with IDN homograph attacks. Th
Publish At:2020-08-06 16:20 | Read:546 | Comments:0 | Tags:Threat analysis credit card skimming homoglyph Inter kit Mag

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:548 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals. These sites all appear to have been built using Click2Gov, a web-based platform meant for use by
Publish At:2020-06-29 20:10 | Read:529 | Comments:0 | Tags:Bad Sites Malware Click2Gov local government Magecart

Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files

They say a picture is worth a thousand words. Threat actors must have remembered that as they devised yet another way to hide their credit card skimmer in order to evade detection. When we first investigated this campaign, we thought it may be another one of those favicon tricks, which we had described in a previous blog. However, it turned out to be diff
Publish At:2020-06-25 16:41 | Read:493 | Comments:0 | Tags:Threat analysis EXIF Magecart metadata skimmers skimming

Accessories giant Claire’s is the victim of a Magecart attack, credit card data exposed

Hackers breached the websites of the U.S. accessory giant Claire’s, and its subsidiary Icing, and gained access to customer’s credit card data. Threat actors have hacked the websites of the U.S. based jewelry and accessory giant Claire’s, and its subsidiary Icing, the security breach took place in April and attackers may have gained acce
Publish At:2020-06-15 07:15 | Read:655 | Comments:0 | Tags:Breaking News Hacking Malware credit card e-skimmer hacking

Lock and Code S1Ep7: Sounding the trumpet on web browser privacy with Pieter Arntz

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Pieter Arntz, malware intelligence researcher at Malwarebytes, about web browser privacy—an often neglected subcategory of data privacy. Without the proper restrictions, browsers can allow web trackers to follow
Publish At:2020-05-26 14:44 | Read:635 | Comments:0 | Tags:Malwarebytes news Podcast Android spyware bec best MSP pract

Tools