Magecart hackers | Breaking Cybersecurity News | The Hacker News

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that  two   malware  domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis. "We were able to connect these two domains with a  previous campaign from November 2021  which was the first instance to our knowledge of a skimmer checking for the use of virtual machines," Jérôme Segura  said . "However, both of them are now devoid of VM detection code. It's unclear why the threat actors removed it, unless perhaps it caused more issues than benefits." The earliest evidence of the campaign's activity, based on the additional domains uncovered, suggests it dates back to at least May 2020. Magecart  refers to a cybercrim

Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit. In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers. "For threat actors, this data exfiltration mechanism is efficient and doesn't require them to keep up infrastructure that could be taken down or blocked by defenders," Jérôme Segura of Malwarebytes said in a Monday analysis . "They can even receive a notification in real time for each new victim, helping them quickly monetize the stolen cards in underground markets." The TTP was first publicly documented by security researcher @AffableKraut in a Twitter thread last week using data from Dutch cybersecurity firm Sansec. Injecting e-skimmers on shopping websites by exploiting a known

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Researchers reported on Monday that hackers are now exploiting Google's Analytics service to stealthily pilfer credit card information from infected e-commerce sites. According to several independent reports from PerimeterX , Kaspersky , and Sansec , threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security. "Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics," Kaspersky said in a report published yesterday. "As a result, the attackers could access the stolen data in their Google Analytics account." The cybersecurity firm said it found about two dozen infected websites across Europe and North and South America that specialized in

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. In a new report shared with The Hacker News, cybersecurity firm RiskIQ said it identified three compromised websites belonging to Endeavor Business Media last month that are still hosting JavaScript skimming code — a classic tactic embraced by Magecart , a consortium of different hacker groups who target online shopping cart systems. The unpatched affected websites host emergency services-related content and chat forums catering to firefighters, police officers, and security professionals, per RiskIQ. www[.]officer[.]com www[.]firehouse[.]com www[.]securityinfowatch[.]com The cyber firm said it hasn't heard back from Endeavor Business Media despite reaching out to the company to address the issues. As a consequence, it's working with Swiss non-profit cyber

Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ researchers spotted a new digital skimmer, dubbed " MakeFrame ," that injects HTML iframes into web-pages to phish payment data. MakeFrame attacks have been attributed to Magecart Group 7 for its approach of using the compromised sites to host the skimming code, load the skimmer on other compromised websites, and siphon off the stolen data. Magecart attacks usually involve bad actors compromising a company's online store to siphon credit card numbers and account details of users who're making purchases on the infected site by placing malicious JavaScript skimmers on payment forms. It's the latest in a series of attacks by Magecart, an umbrella term for eight diffe

The Indonesian National Police in a joint press conference with Interpol and cybersecurity firm Group-IB earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ' Operation Night Fury ,' the investigation was led by Interpol's ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime. According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access. "The operation is still ongoing in the other five ASEAN countries with which the intelligence was also shared. This case marks the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the re