Organizations in the U.S., Brazil, Peru, Estonia, Australia, and the U.K. have been compromised by a new Magecart web skimmer campaign hijacking vulnerable legitimate retail websites to facilitate the theft of personal and credit card information, BleepingComputer reports.
Attackers have leveraged two variants of a Base64-encoded skimmer in the campaign, the first of which features CSS selectors aimed at exfiltrating credit card data and personally identifiable information. However, the other skimmer variant lacked protections that enabled researchers to determine the extent of the campaign.
Timely application of CMS and plugin security updates have been recommended for website owners to avoid Magecart attacks, while online shop customers have been advised to leverage virtual cards and electronic payment methods.
North Korea's Lazarus Group, also known as Diamond Sleet, has been leveraging a trojanized CyberLink app installer to facilitate the distribution of LambLoad malware in a new supply chain attack, according to SiliconAngle.
The Kansas Supreme Court disclosed that the state's court system had been subjected to an advanced cyberattack by a foreign threat actor last month, resulting in the theft of sensitive data, which the attacker threatened to leak online, The Kansas City Star reports.
Real-world Insights from a Sophos Threat Analyst: It’s Great You Have a Firewall, But Here’s Why You Shouldn’t Skip Over MDR
Revolutionizing the essentials: Friction-minimizing approaches to overcoming advanced account takeover (ATO)
Evening the Odds Against Overpowered Cyber Adversaries: A Business Impact Analysis
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news