A week in security (December 30 – January 5)
A roundup of the previous week’s most notable security stories and events, including new web skimmer techniques, an explanation of edge computing, and more.
New evasion techniques found in web skimmers
As Magecart credit card skimmers become exposed by security researchers, their authors are refining evasion techniques to go undetected.
There’s an app for that: web skimmers found on PaaS Heroku
Cybercriminals are abusing platform-as-a-service (PaaS) cloud provider Heroku to build web skimming apps and steal customer data.
The forgotten domain: Exploring a link between Magecart Group 5 and the Carbanak APT
Bread crumbs left behind open up a possible connection between Magecart Group 5 and Carbanak.
Magecart criminals caught stealing with their poker face on
This blog post details the curious case of a web skimmer encountered in a poker application.
No summer break for Magecart as web skimming intensifies
Despite the heat, criminals are hard at work stealing credit card data from unaware shoppers. July marks a notable increase in web skimmer attacks over previous months.
Magecart skimmers found on Amazon CloudFront CDN
Not all breaches on Content Delivery Networks (CDNs) result in supply-chain attacks, yet, they are often a forgotten entry point for attackers to slip in malicious code, such as web skimmers.
Skimmer acts as payment service provider via rogue iframe
Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something’s not right when they are redirected to the real (and external) payment form.
GitHub hosted Magecart skimmer used against hundreds of e-commerce sites
Magecart threat actors upload their skimming code onto GitHub in the latest attack against Magento websites.
Plugin vulnerabilities exploited in traffic monetization schemes
The latest round of vulnerable WordPress plugins leads to an active traffic monetization campaign via hacked websites.
