HackDig : Dig high-quality web security articles

Magecart hackers hide captured credit card data in JPG file

Crooks devised a new method to hide credit card data siphoned from compromised e-stores, experts observed hackers hiding data in JPG files. Cybercriminals have devised a new method to hide credit card data siphoned from compromised online stores, experts from Sucuri observed Magecart hackers hiding data in JPG files to avoid detection and storing them on
Publish At:2021-03-16 14:48 | Read:378 | Comments:0 | Tags:Breaking News Cyber Crime Hacking credit card hacking news i

Hackers steal credit card data abusing Google’s Apps Script

Hackers abuse Google Apps Script to steal credit cards, bypass CSP Attackers are abusing Google’s Apps Script business application development platform to steal payment card information from e-stores. Sansec researchers reported that threat actors are abusing Google’s Apps Script business application development platform to steal credi
Publish At:2021-02-19 06:24 | Read:567 | Comments:0 | Tags:Breaking News Cyber Crime Malware Google's Apps Script

Credit card skimmer piggybacks on Magento 1 hacking spree

Back in the fall of 2020 threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this Magento 1 campaign, we identified an e-commerce shop that h
Publish At:2021-02-02 15:06 | Read:801 | Comments:0 | Tags:Cybercrime costway Magecart magento skimmer hack

Demystifying two common misconceptions with e-commerce security

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual scams but also digital skimming, the online equivalent of credit
Publish At:2020-11-20 12:42 | Read:611 | Comments:0 | Tags:Cybercrime e-commerce HTTPS iframe Magecart merchant padlock

Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt

Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesn’t happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No, we often learn about cybersecurity issues because of
Publish At:2020-10-12 13:05 | Read:778 | Comments:0 | Tags:Podcast ai software disinformation fullz house healthcare im

Credit card skimmer targets virtual conference platform

We’ve seen many security incidents affecting different websites simultaneously because they were loading the same tampered piece of code. In many instances, this is due to what we call a supply-chain attack, where a threat actor targets one company that acts as an intermediary to others. In today’s case, the targeted websites all reside on the
Publish At:2020-10-08 19:23 | Read:926 | Comments:0 | Tags:Malwarebytes news Inter Magecart skimmer

Mobile network operator falls into the hands of Fullz House criminal group

Most victims of Magecart-based attacks tend to be typical online shops selling various goods. However, every now and again we come across different types of businesses which were affected simply because they happened to be vulnerable. Today we take a quick look at a mobile operator who offers cell phone plans to its customers. Their website lets you shop
Publish At:2020-10-05 17:17 | Read:992 | Comments:0 | Tags:Malwarebytes news credit card fullz house Magecart skimmer

Thousands of Magento stores hacked in a few days in largest-ever skimming campaign

Thousands of Magento online stores have been hacked over the past few days as part of the largest ever skimming campaign. Security experts from cybersecurity firm Sansec reported that nearly 2,000 Magento online stores have been hacked over the past few days as part of the largest ever Magecart-style campaign. Most of the hacked sites were running Magento
Publish At:2020-09-14 18:20 | Read:932 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware exploit code infor

Warner Music Group online stores hit by look-like Magecart attack

Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial inform
Publish At:2020-09-04 12:21 | Read:816 | Comments:0 | Tags:Breaking News Data Breach Hacking hacking news information s

Hackers use e-skimmer that exfiltrates payment data via Telegram

Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment d
Publish At:2020-09-02 12:30 | Read:1072 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware e-skimming hacking

New web skimmer steals credit card data, sends to crooks via Telegram

The digital credit card skimming landscape keeps evolving, often borrowing techniques used by other malware authors in order to avoid detection. As defenders, we look for any kind of artifacts and malicious infrastructure that we might be able to identify to protect our users and alert affected merchants. These malicious artifacts can range from compromis
Publish At:2020-09-01 16:25 | Read:879 | Comments:0 | Tags:Web threats credit card credit card skimmer credit card skim

Homoglyph attacks used in phishing campaign and Magecart attacks

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatt
Publish At:2020-08-09 07:37 | Read:1274 | Comments:0 | Tags:Breaking News Hacking e-skimmer Homoglyph attacks informatio

Inter skimming kit used in homoglyph attacks

As we continue to track web threats and credit card skimming in particular, we often rediscover techniques we’ve encountered elsewhere before. In this post, we share a recent find that involves what is known as an homoglyph attack. This technique has been exploited for some time already, especially in phishing scams with IDN homograph attacks. Th
Publish At:2020-08-06 16:20 | Read:1111 | Comments:0 | Tags:Threat analysis credit card skimming homoglyph Inter kit Mag

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce co
Publish At:2020-07-06 15:00 | Read:1267 | Comments:0 | Tags:Threat analysis ASP.net credit card credit card skimmer cred

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack

Eight cities across three states in the United States have fallen victim to a Magecart card skimming attack. In these attacks, their websites were compromised to host credit card skimmers which passed on the credit card information of residents to cybercriminals. These sites all appear to have been built using Click2Gov, a web-based platform meant for use by
Publish At:2020-06-29 20:10 | Read:994 | Comments:0 | Tags:Bad Sites Malware Click2Gov local government Magecart