Security experts at Aite Group and Arxan Technologies have discovered that hackers under the Magecart umbrella have compromised 80 more eCommerce sites. One out of four of the hacked eCommerce sites were large brands in motorsports and luxury retail. Even more startling is the fact that it took only 2.5 Pierluigi Paganini.
For organizations looking to improve their security posture, this is causing confusion and vendor fatigue, especially for companies that don’t have a full-time Chief Information Security Officer. The pandemic is creating a huge shift in the way consumers use ecommerce platforms. The vendors are well-intentioned.
The holding company operates several supermarkets and ecommerce sites in the US, including Food Lion, Giant Food, Hannaford, Stop & Shop, and The Giant Company. Its business format includes supermarkets, convenience stores, hypermarkets, online grocery, online non-food, drugstores, and liquor stores.
Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hack. Experts at RIPS Technologies discovered several flaws in the OXID eShop platform that could be exploited by unauthenticated attackers to compromise eCommerce websites.
Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores.
The alert includes Indicators of Compromise and the following list of best practices and mitigation measures: • Institute recurring checks in eCommerce environments for communications with the C2s. Ensure familiarity and vigilance with code integrated into eCommerce environments via service providers.
The e-skimmer doesn’t just intercept payment information provided by the users into the fields on a check-out page. Naturally, WooCommerce and other WordPress-based ecommerce websites have been targeted before, but this has typically been limited to modifications of payment details within the plugin settings.”
Experts uncovered a mass Magecart campaign that compromised over 500 e-stores running the Magento 1 eCommerce platform. Researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform.
Last week, researchers from cybersecurity firm Sansec uncovered a massive Magecart campaign that already compromised more than 500 online stores running the Magento 1 eCommerce platform. More than 350 ecommerce stores infected with malware in a single day.
Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation into the compromise of an e-commerce server with a software skimmer. The attackers initially conducted a reconnaissance phase by probing the e-store with automated eCommerce attack probes.
“If you operate an eCommerce website, be sure to be extra cautious during the holiday season. This is when we see attacks and compromises on ecommerce websites at their highest volume as attackers are poised to make handsome profits from stolen credit card details,” concludes the report.
The extensions are designed to track the user’s browsing activity; they are also able to insert code into eCommerce websites being visited. They do this so that they can insert code into eCommerce websites being visited. .js that sends every URL visited by the victims to the C2 and injects code into the eCommerce sites.
Unlike other skimmers, Pipka has the ability to remove itself from the compromised HTML code after execution, in an effort to avoid detection, Visa notes in a security alert (PDF). VISA PFD believes that Pipka will continue to evolve and that its use will increase in the cybercrime ecosystem to target eCommerce merchant websites.
The PCI Security Standards Council aims to achieve six goals: Build and Maintain a Secure Network. Maintain an Information Security Policy. Protect Cardholder Data. Maintain a Vulnerability Management Program. Implement a Strong Access Control Measure. Regularly Monitor and Test Networks. Why It’s Important To You.
Disabling the auto-fill feature on the fake checkout form is an evasion trick that reduces the chances of the browser warning users about entering sensitive information. “In essence, ecommerce sites are prime targets for hackers due to the valuable data they handle,” concludes the report.
They infect computers and other devices with malware to record payment information when their owners buy from ecommerce sites. “CVV” information is sold with the three-digit number on the back of the card, which tend to be used in schemes in which criminals order things online.
[link] #Magecart #ecommerce pic.twitter.com/p3C4EOXh3C — Sansec (@sansecio) June 9, 2022. We're right on the heels of Magecart cybercriminals. New malware domain found: scanalytic[.]org. Sansec tracks payment fraudsters around the clock. Sometimes we are able to defuse their skimming domains before they are put to use.
“On a typical eCommerce web server, there are many Nginx processes. When the legitimate Nginx web server uses such functionality (e.g. dlopen), NginRAT injects itself. The result is a remote access trojan that is embedded in the Nginx process,” reads the analysis published by the experts.
According to the experts from Sanguine Security, this group is responsible only for 1% of overall attacks carried out by groups under the Magecart umbrella, this means that many other hackers are ready to attack e-commerce sites worldwide.
The company also operates eCommerce websites for shoppers in North and South America, Europe and Asia. The retail giant has 737 membership-only retail stores across the U.S., it is the fifth-largest retailer in the world and the 10th-largest corporation in the country by total revenue.
The company immediately launched an investigation that revealed that a third-party ecommerce platform, Salesforce Commerce Cloud, was infected with an e-skimmer. @troyhunt another one for your collection? pic.twitter.com/ervMIdaNEi — Stryke the Orc (@stryke_the_orc) January 18, 2020.
JavaScript #skimmer overlaid onto payment page of an infected #Magento ecommerce store to steal payment card data from visitors exfils to united81[.]com #magecart #infosec #cybersecurity #malware [link] pic.twitter.com/x8VrkKzXPc — Luke Leal (@rootprivilege) August 26, 2022.
Here we talk with Carlos Caetano, PCI Security Standards Council Associate Director, Latin American Region for Brazil; Elder Vinicius Telles de Arruda, Information Security Manager, Getnet; Enildo Barros, IT Services Head, C6 Bank; and Ricardo Nilsen Moreno, Information Security Superintendent, Banco Safra about cloud security trends, highlights from (..)
On 13 November 2023, it was determined that an unauthorised individual exploited a vulnerability in a third-party business application we use, and that some personal information of certain customers who made purchases on SEUK’s eCommerce site between July 1, 2019 and June 30, 2020, was affected.”
Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services. “Pitney Bowes was affected by a malware attack that encrypted information on some systems and disrupted customer access to some of our services.
Magecart hackers compromise another 80 eCommerce sites. FIN6 recently expanded operations to target eCommerce sites. White hat hacker demonstrated how to hack a million Instagram accounts. French Police remotely disinfected 850,000 PCs from RETADUP bot. TA505 group updates tactics and expands the list of targets.
Older versions of these components were previously used by the FIN6 APT group in attacks on eCommerce merchants. According to ESET, the Golden Chickens components used by Evilnum are from the TerraLoader family, they include More_eggs, TerraPreter, TerraStealer (also known as SONE or Stealer One), and TerraTV.
“The trend in recent weeks paints a grim picture for ecommerce DevOps teams worldwide for the coming weeks.” Merchants and developers should be on the lookout for TrojanOrders: orders that exploit a critical vulnerability in Magento stores.”
All of the 90,000 pieces analysed by Group-IB included full card data – cards compromised via phishing websites, from end devices infected with banking Trojans, as well as by the means of hijacked eCommerce websites and the use of JS-sniffers.
Thanks to the application of advanced math and science, Public Key Cryptography was used to develop a means of securing ecommerce over the internet. Then, in turn, they can digitally sign that message and use that secret to set up an encrypted session to send it back and then both parties can communicate bidirectionally securely.
Just as it was the case in the second half of 2019, in the first half of this year, online services like ecommerce websites turned out to be the main target of web-phishers. Pandemic chronicle. In the light of global pandemic and the businesses’ dive into online world, the share of this phishing category increased to remarkable 46 percent.
Your Cyber Industry Panelists Include: Top Cyber Employer: Robert Chubbuck | Information Assurance Systems Engineer Lead at CACI International Inc | Faculty, ODU. Mr. Chubbuck has over 25 years of Information Security and Technology experience. He mentored numerous individuals to expand their knowledge.
They are a big headache for eCommerce businesses today, with cybercriminals using them to steal money, brute-force user credentials or carry out DDoS attacks. Bots, which are reported to generate about a quarter of global Web traffic, are de facto programs that emulate the actions of a real device for the purposes needed.
Resecurity has uncovered a cybercriminal faction known as “GXC Team”, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. Crooks created a new tool that uses Artificial Intelligence (AI) for creating fraudulent invoices used for wire fraud and BEC.
Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services. The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack.
Currently, cybercriminals are offering over 1,849 malicious scenarios for sale, designed for major financial institutions, ecommerce, payment systems, online retailers, and social media companies from over 45 countries including the U.S., Canada, Brazil, Colombia, Mexico, Saudi Arabia, Bahrain, Turkey, and Singapore.
The stolen data was several years old, but it is still valuable on the dark web because people often reuse passwords for multiple sites and accounts, from online banking to eCommerce accounts. If a hacker gets their hands on the correct email and password combination, they can break into the victims’ accounts on various sites.
JavaScript-sniffers (JS-sniffers) targeting ecommerce websites are a type of malicious JavaScript code designed to steal customer payment and personal data such as credit card numbers, names, addresses, logins, phone numbers, and credentials from payment systems, etc.
Microsoft security researchers recently observed web skimming campaigns that used multiple obfuscation techniques to avoid detection. Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection.
I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. Welcome to the Hacker Mind, an original podcast from ForAllSecure. They're doing an enormous amount of business.
5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure. Uncovering New Magecart Implant Attacking eCommerce. Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack. DRBControl cyber-espionage group targets gambling, betting companies.
The global pandemic has kept people home, and so many consumers have entered the world of eCommerce. Many of those who are new to eCommerce have proven more likely to reuse passwords and less likely to follow security best practices. Jon Clemenson, director of information security, TokenEx. How can that be?