web skimmer | Breaking Cybersecurity News | The Hacker News

Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in servers running PrestaShop websites," the company  noted  in an advisory published on July 22. PrestaShop is  marketed  as the leading open-source e-commerce solution in Europe and Latin America, used by nearly 300,000 online merchants worldwide. The goal of the infections is to introduce malicious code capable of stealing payment information entered by customers on checkout pages. Shops using outdated versions of the software or other vulnerable third-party modules appear to be the prime targets.  The PrestaShop maintainers also said they found a zero-day flaw in its service that they said has been addressed in  version 1.7.8.7 , although they cautioned that "we cannot be sure

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch were targeted by the same Magecart campaign, resulting in e-skimmer infections on 80 restaurants using MenuDrive and 74 using Harbortouch," cybersecurity firm Recorded Future  revealed  in a report. "InTouchPOS was targeted by a separate, unrelated Magecart campaign, resulting in e-skimmer infections on 157 restaurants using the platform." Magecart actors have a history of  infecting e-commerce websites  with JavaScript skimmers to steal online shoppers' payment card data, billing information, and other personally identifiable information (PII). The first set of act

Wing Security finds and ranks all SaaS applications completely for free, removing unnecessary risk.

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that  two   malware  domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis. "We were able to connect these two domains with a  previous campaign from November 2021  which was the first instance to our knowledge of a skimmer checking for the use of virtual machines," Jérôme Segura  said . "However, both of them are now devoid of VM detection code. It's unclear why the threat actors removed it, unless perhaps it caused more issues than benefits." The earliest evidence of the campaign's activity, based on the additional domains uncovered, suggests it dates back to at least May 2020. Magecart  refers to a cybercrim

Threat actors leveraged a cloud video hosting service to carry out a supply chain attack on more than  100 real estate websites  operated by Sotheby's Realty that involved injecting malicious skimmers to steal sensitive personal information. "The attacker injected the skimmer JavaScript codes into video, so whenever others import the video, their websites get embedded with skimmer codes as well," Palo Alto Networks' Unit 42 researchers  said  in a report published this week. The skimmer attacks, also called formjacking, relates to a type of cyber attack wherein bad actors insert malicious JavaScript code into the target website, most often to checkout or payment pages on shopping and e-commerce portals, to harvest valuable information such as credit card details entered by users. In the latest incarnation of the Magecart attacks, the operators behind the campaign breached the Brightcove account of Sotheby's and deployed malicious code into the player of the

Cybercrime actors part of the Magecart group have latched on to a new technique of obfuscating the malware code within  comment blocks  and encoding stolen credit card data into images and other files hosted on the server, once again demonstrating how the attackers are  continuously improving  their infection chains to escape detection. "One tactic that some Magecart actors employ is the dumping of swiped credit card details into image files on the server [to] avoid raising suspicion," Sucuri Security Analyst, Ben Martin,  said  in a write-up. "These can later be downloaded using a simple  GET request  at a later date." Magecart is the umbrella term given to multiple groups of cybercriminals targeting e-commerce websites with the goal of plundering credit card numbers by injecting malicious JavaScript skimmers and selling them on the black market. Sucuri attributed the attack to  Magecart Group 7  based on overlaps in the tactics, techniques, and procedures (TT

Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment card information covertly. "The idea is simple and consists of using characters that look the same in order to dupe users," Malwarebytes researchers said in a Thursday analysis . "Sometimes the characters are from a different language set or simply capitalizing the letter 'i' to make it appear like a lowercase 'l'." Called an internationalized domain name (IDN) homograph attack , the technique has been used by a Magecart group on multiple domains to load the popular Inter skimming kit hidden inside a favicon file . The visual trickery typically involves leveraging the similarities of character scripts to create and register fraudulent domains of existing ones to deceive unsuspecting users into