Skimmer acts as payment service provider via rogue iframe
Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something’s not right when they are redirected to the real (and external) payment form.
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
Magecart threat actors upload their skimming code onto GitHub in the latest attack against Magento websites.
New Golang brute forcer discovered amid rise in e-commerce attacks
E-commerce sites are a hot commodity these days. We dig into how compromised PCs are helping to hack into them to inject skimmers, whether via vulnerabilities in the websites themselves or through a new malware we discovered gaining entry via brute force.
Web skimmers compete in Umbro Brasil hack
In this web skimming match between two Magecart groups, there can only be one winner.
A week in security (September 24 – 30)
A roundup of the security news from September 24–30 including phishing, Apple woes, a vulnerability in the wild, e-commerce attacks, phone spam, and a massive Facebook breach.
How to protect your data from Magecart and other e-commerce attacks
Magecart and other criminal groups are causing mayhem by stealing payment information from e-commerce sites, big and small. Learn how they are doing it and how to mitigate against it.