E-commerce | Breaking Cybersecurity News | The Hacker News

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products as phishing lures to deceive victims into providing their Cardholder Data (CHD) and Sensitive Authentication Data (SAD) and Personally Identifiable Information (PII)," EclecticIQ said . The activity, first observed in early October 2024, has been attributed with high confidence to a Chinese financially motivated threat actor codenamed SilkSpecter. Some of the impersonated brands include IKEA, L.L.Bean, North Face, and Wayfare. The phishing domains have been found to use top-level domains (TLDs) such as .top, .shop, .store, and .vip, often typosquatting legitimate e-commerce organi...

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing that stood out was the script's obfuscation, which seemed a bit bizarre because of all the accented characters," Jscrambler researchers said in an analysis. "The heavy use of Unicode characters, many of them invisible, does make the code very hard to read for humans." The script, at its core, has been found to leverage JavaScript's capability to use any Unicode character in identifiers to hide the malicious functionality. The end goal of the malware is to steal sensitive data entered on e-commerce checkout or admin pages, including financial information, which are then exfiltrated to an attacker-controlled server. The skimmer, which typically manifests in the form of an inline script on compromised sites that fetches the actual payload from an external serv...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a security vulnerability dubbed CosmicSting. Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw relates to an improper restriction of XML external entity reference (XXE) vulnerability that could result in remote code execution. The shortcoming, credited to a researcher named " spacewasp ," was patched by Adobe in June 2024. Dutch security firm Sansec, which has described CosmicSting as the "worst bug to hit Magento and Adobe Commerce stores in two years," said the e-commerce sites are being compromised at the rate of three to five per hour. The flaw has since come under widespread exploitation , prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog in mid-July 2024. Some of these attacks involve weaponizing the flaw to ste...

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report. Key Takeaways The number of DDoS attacks in H1 2024 has increased by 46% compared to the same period last year, reaching 445K in Q2 2024. Compared to data for the previous six months (Q3–4 2023), it increased by 34%. Peak attack power increased slightly: The most powerful attack in H1 2024 reached 1.7 Tbps. By comparison, in 2023, it was 1.6 Tbps. Although there has only been an increase of 0.1 Tbps in a year, this still indicates a gain in power that poses a significant danger. To put this into perspective, a terabit per second (Tbps) represents a massive amount of data flooding a network, equivalent to over 212,000 high-d...

Facebook users are the target of a scam e-commerce network that uses hundreds of fake websites to steal personal and financial data using brand impersonation and malvertising tricks. Recorded Future's Payment Fraud Intelligence team, which detected the campaign on April 17, 2024, has given it the name ERIAKOS owing to the use of the same content delivery network (CDN) oss.eriakos[.]com. "These fraudulent sites were accessible only through mobile devices and ad lures, a tactic aimed at evading automated detection systems," the company said , noting the network comprised 608 fraudulent websites and that the activity spans several short-lived waves. A notable aspect of the sophisticated campaign is that it exclusively targeted mobile users who accessed the scam sites via ad lures on Facebook, some of which relied on limited-time discounts to entice users into clicking on them. Recorded Future said as many as 100 Meta Ads related to a single scam website were served in a ...

Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the website and exfiltrate the details to an attacker-controlled domain named "amazon-analytic[.]com," which was registered in February 2024. "Note the use of the brand name; this tactic of leveraging popular products and services in domain names is often used by bad actors in an attempt to evade detection," security researcher Matt Morrow said . This is just one of many defense evasion methods employed by the threat actor, which also includes the use of swap files ("bootstrap.php-swapme") to load the malicious code while keeping the original file ("bootstra...

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. "Protecting our users is our top priority. We detected a security issue recently that may affect websites using certain third-party libraries," the company said in a statement shared with The Hacker News. "To help potentially impacted advertisers secure their websites, we have been proactively sharing information on how to quickly mitigate the issue." More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report. Polyfill is a popular library that incorporates support for modern functions in web browsers. Earlier this February, concerns were raised following its purchase by China-based content delivery network (CDN) company Funnull. The original creator of the pr...

Adobe on Tuesday shipped  security updates  to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The  issues  affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition. Of the 26 flaws addressed, 20 are rated critical, and six are rated Important in severity. None of the vulnerabilities fixed this month by Adobe are listed as publicly known or under active attack at the time of release. The most concerning of the bugs are as follows - CVE-2021-36021, CVE-2021-36024, CVE-2021-36025, CVE-2021-36034, CVE-2021-36035, CVE-2021-36040, CVE-2021-36041, and CVE-2021-36042  (CVSS score: 9.1) - Arbitrary code execution due to improper input validation CVE-2021-36022 and CVE-2021-36023  (CVSS score: 9.1) - Arbitrary code execution due to OS com...

Future Group's plan to boost online sales has encountered a cyber obstacle. Its flagship e-commerce portal, FutureBazaar, was hacked and has been non-functional for the past two days. FutureBazaar CEO Rajiv Prakash described the incident as a "denial of service attack." He stated, "The website has been down for the last couple of days and has been blocked to consumers." The company is addressing the issue internally and pursuing legal action against the hackers. "We have filed a complaint with the Cyber Crime Branch in Mumbai. Internally, we are working to get the site up and running, and it should be fine soon," Prakash assured. To minimize business losses, the company has kept its phone commerce active, allowing consumers to make purchases through this channel. Prakash did not comment on the potential daily losses due to the problem. However, the portal is one of the group's emerging business verticals. Future Group aims to have at least 10% of ...