Dec 22, 2023NewsroomSkimming / Web Security Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake … [Read more...] about Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
Credit
Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within comment blocks and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are continuously improving their infection chains to escape detection. "One tactic that some Magecart actors employ … [Read more...] about Magecart Hackers Hide Stolen Credit Card Data Into Images for Evasive Exfiltration
Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
India's flag carrier airline, Air India, has disclosed a data breach affecting 4.5 million of its customers over a period stretching nearly 10 years after its Passenger Service System (PSS) provider SITA fell victim to a cyber attack earlier this year. The breach involves personal data registered between Aug. 26, 2011 and Feb. 3, 2021, including details such as names, dates of … [Read more...] about Air India Hack Exposes Credit Card and Passport Info of 4.5 Million Passengers
Law Enforcement Seizes Joker’s Stash — Stolen Credit Card Marketplace
The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week on December 17. The operators of Joker's Stash operate several versions of the … [Read more...] about Law Enforcement Seizes Joker’s Stash — Stolen Credit Card Marketplace
Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers
A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. "This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of websites at once through supply chain attacks, such as the Adverline incident, or … [Read more...] about Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers
New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit.In what's the latest tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers."For … [Read more...] about New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data
Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly."The idea is simple and consists of using characters that look the same in order to dupe users," … [Read more...] about Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata
In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites."We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," … [Read more...] about e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata
Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards
Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites.According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google … [Read more...] about Hackers Using Google Analytics to Bypass Web Security and Steal Credit Cards
Hackers Stole Customers’ Credit Cards from 103 Checkers and Rally’s Restaurants
If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction.Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday … [Read more...] about Hackers Stole Customers’ Credit Cards from 103 Checkers and Rally’s Restaurants