For Magecart groups and other credit-card skimmers, old and new opportunities abound
The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.
Advertisement
e-commerce
Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says
A China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler…
Indonesian e-commerce giant probes reported breach of 91 million credentials
The government summoned the board of directors to clarify the current state of the investigation in a meeting Monday.
Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says
The crooks are scanning the web for vulnerable Amazon Web Services S3 buckets, according to security vendor RiskIQ.
Magecart is the most infamous payment skimmer. But it’s hardly the only one.
The infamous Magecart is used by just 12 of the 38 JavaScript-sniffer groups analyzed by the security company Group-IB
Chinese e-commerce giant Gearbest leaks millions of records, researcher finds
“Gearbest’s database isn’t just unsecured. It’s also providing potentially malicious agents with a constantly-updated supply of fresh data.”
Advertisement
Up to 40 percent of traffic on ticket sites is automated. Here’s why that’s bad for security.
Bad bots made up 39.9 percent of ticket-buying traffic between September and December 2018, according to Distil Networks.
Shopify pays $15,250 bug bounty for a Christmas Eve vulnerability
"The bug was filed on Christmas Eve, and within 12 hours the Shopify team rolled out a fix to address the immediate issue."