Credit card skimmer targets ASP.NET sites
This unusual web skimmer campaign goes after sites running Microsoft’s IIS servers with an outdated version of the ASP.NET framework.
Criminals hack Tupperware website with credit card skimmer
This latest hack from Magecart threat actors was well planned and executed.
New evasion techniques found in web skimmers
As Magecart credit card skimmers become exposed by security researchers, their authors are refining evasion techniques to go undetected.
A week in security (December 9 – 15)
A roundup of cybersecurity news from December 9 – 15, including smart doorbell concerns, a new credit card skimmer vulnerability, and a deep dive into Ryuk ransomware.
Hundreds of counterfeit online shoe stores injected with credit card skimmer
A Magecart credit card skimmer was found injected into hundreds of counterfeit, brand-name shoe stores—a one-two punch of victimization for users first duped with fake goods then stripped of their personal data.
There’s an app for that: web skimmers found on PaaS Heroku
Cybercriminals are abusing platform-as-a-service (PaaS) cloud provider Heroku to build web skimming apps and steal customer data.
Skimmer acts as payment service provider via rogue iframe
Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something’s not right when they are redirected to the real (and external) payment form.
Web skimmers compete in Umbro Brasil hack
In this web skimming match between two Magecart groups, there can only be one winner.
Liar, liar, pants on fire! Barclays phish claims cards explode
We feel compelled to relay the dire warning from this Barclays snail-mail letter, which we acquired through social media, therefore it must be true.
Please don’t buy this: identity theft protection services
Identity theft protection services promise to have your back against cybercriminals looking to steal your data. But they don’t actually stop them from taking your identity. Are they worth it, then? We say no.
