#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

E-commerce website | Breaking Cybersecurity News | The Hacker News

Category — E-commerce website
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data

Apr 02, 2020
Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed " MakeFrame ," that injects HTML iframes into web-pages to phish payment data. MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data. Magecart attacks usually involve bad actors compromising a company's online store to siphon credit card numbers and account details of users who're making purchases on the infected site by placing malicious JavaScript skimmers on payment forms. It's the latest in a series of attacks by Magecart, an umbrella term for eight diffe...
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking

Jul 30, 2019
If your e-commerce website runs on the OXID eShop platform , you need to update it immediately to prevent your site from becoming compromised. Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds. OXID eShop is one of the leading German e-commerce shop software solutions whose enterprise edition is being used by industry leaders including Mercedes, BitBurger, and Edeka. Security researchers at RIPS Technologies GmbH shared their latest findings with The Hacker News, detailing about two critical security vulnerabilities that affect recent versions of Enterprise, Professional, and Community Editions of OXID eShop software. It should be noted that absolutely no interaction between the attacker and the victim is necessary to execute both vulnerabilities, and the flaws work against the def...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information

AliExpress WebSite Vulnerability Exposes Millions of Users' Private Information

Dec 08, 2014
A critical, but easily exploitable personal information disclosure vulnerability has been discovered in the widely popular online marketplace AliExpress website that affects its millions of users worldwide. The reported vulnerability could allow anyone to steal personal information of hundreds of millions of AliExpress users without knowing their account passwords. AliExpress is an online marketplace owned by Chinese E-Commerce giant Alibaba.com , which offers more than 300 Million active users from more than 200 countries and regions to order items in bulk or one at a time at low wholesale prices. Amitay Dan , an Israeli application security researcher working at Cybermoon.cc, reported the vulnerability to The Hacker News after providing full disclosure of the flaw to the AliExpress team and Israeli media. According to the Proof-of-Concept video and screenshots provided by the security researcher to The Hacker News , AliExpress website allows logged in user to add...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Magento vulnerability allows an attacker to create administrative user

Magento vulnerability allows an attacker to create administrative user

Feb 13, 2014
It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites. The Market of E-commerce is at its boom, and that provides even more opportunities to hackers. There are many readymade e-commerce platforms available on the Internet, that are easy to install and easy to manage at no extra cost and 'Magento' is one of the most popular out of them. Recently security researchers at Securatary  have reported a critical cross-store vulnerability in the Magento platform that lets attackers to escalation privilege by creating an administrative user on any ' Gostorego' online store. The authentication bypass vulnerability left 200,000 merchants data vulnerable to hackers before it was patched. To exploit the flaw, an attacker only needed to modify the HOST header to the URI of the target account in the GET request. They dubbed it as " Stealth mode ",...
Make your website Safe for Online Buyers with Qualys SECURE Seal

Make your website Safe for Online Buyers with Qualys SECURE Seal

Oct 23, 2012
The number one concern of Internet users is that a web site will keep personal information safe and secure. If you are a site owner, giving importance to security is not only for your own protection but for your users' as well. Despite you have the right to set contents to your contracts and terms of service, you still have a portion of liabilities in case your user encountered information and financial thefts as he perform activities within your website. E-commerce usually involves the processing of credit cards and sensitive customer information so security is very important. Online communities and ecommerce websites are mostly the target places of hackers. Toward this end, many users look for a website to display a third party seal as evidence of security. Using a web site seal is a good idea. But providing true web site security requires more than just a seal it also requires using several kinds of security controls managed by a security program to back th...
Expert Insights / Articles Videos
Cybersecurity Resources