#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

E-commerce website | Breaking Cybersecurity News | The Hacker News

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Apr 02, 2020
Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed " MakeFrame ," that injects HTML iframes into web-pages to phish payment data. MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data. Magecart attacks usually involve bad actors compromising a company's online store to siphon credit card numbers and account details of users who're making purchases on the infected site by placing malicious JavaScript skimmers on payment forms. It's the latest in a series of attacks by Magecart, an umbrella term for eight diffe
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

Jul 30, 2019
If your e-commerce website runs on the OXID eShop platform , you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds. OXID eShop is one of the leading German e-commerce shop software solutions whose enterprise edition is being used by industry leaders including Mercedes, BitBurger, and Edeka. Security researchers at RIPS Technologies GmbH shared their latest findings with The Hacker News, detailing about two critical security vulnerabilities that affect recent versions of Enterprise, Professional, and Community Editions of OXID eShop software. It should be noted that absolutely no interaction between the attacker and the victim is necessary to execute both vulnerabilities, and the flaws work against the def
Hands-on Review: Cynomi AI-powered vCISO Platform

Hands-on Review: Cynomi AI-powered vCISO Platform

Apr 10, 2024vCISO / Risk Assessment
The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain cybersecurity expertise specialized for their industry and strengthen their cybersecurity posture. MSPs and MSSPs looking to meet this growing vCISO demand are often faced with the same challenge. The demand for cybersecurity talent far exceeds the supply. This has led to a competitive market where the costs of hiring and retaining skilled professionals can be prohibitive for MSSPs/MSPs as well. The need to maintain expertise of both security and compliance further exacerbates this challenge. Cynomi, the first AI-driven vCISO platform , can help. Cynomi enables you - MSPs, MSSPs and consulting firms
AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information

AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information

Dec 08, 2014
A critical, but easily exploitable personal information disclosure vulnerability has been discovered in the widely popular online marketplace AliExpress website that affects its millions of users worldwide. The reported vulnerability could allow anyone to steal personal information of hundreds of millions of AliExpress users without knowing their account passwords. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com , which offers more than 300 Million active users from more than 200 countries and regions to order items in bulk or one at a time at low wholesale prices. Amitay Dan , an Israeli application security researcher working at Cybermoon.cc, reported the vulnerability to The Hacker News after providing full disclosure of the flaw to the AliExpress team and Israeli media. According to the Proof-of-Concept video and screenshots provided by the security researcher to The Hacker News , AliExpress website allows logged in user to add
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Magento vulnerability allows an attacker to create administrative user

Magento vulnerability allows an attacker to create administrative user

Feb 13, 2014
It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites. The Market of E-commerce is at its boom, and that provides even more opportunities to hackers. There are many readymade e-commerce platforms available on the Internet, that are easy to install and easy to manage at no extra cost and 'Magento' is one of the most popular out of them. Recently security researchers at Securatary  have reported a critical cross-store vulnerability in the Magento platform that lets attackers to escalation privilege by creating an administrative user on any ' Gostorego' online store. The authentication bypass vulnerability left 200,000 merchants data vulnerable to hackers before it was patched. To exploit the flaw, an attacker only needed to modify the HOST header to the URI of the target account in the GET request. They dubbed it as " Stealth mode ",
Make your website Safe for Online Buyers with Qualys SECURE Seal

Make your website Safe for Online Buyers with Qualys SECURE Seal

Oct 23, 2012
The number one concern of Internet users is that a web site will keep personal information safe and secure. If you are a site owner, giving importance to security is not only for your own protection but for your users' as well. Despite you have the right to set contents to your contracts and terms of service, you still have a portion of liabilities in case your user encountered information and financial thefts as he perform activities within your website. E-commerce usually involves the processing of credit cards and sensitive customer information so security is very important. Online communities and ecommerce websites are mostly the target places of hackers. Toward this end, many users look for a website to display a third party seal as evidence of security. Using a web site seal is a good idea. But providing true web site security requires more than just a seal it also requires using several kinds of security controls managed by a security program to back the seal's p
Cybersecurity Resources