BleepingComputer reports that more than 300 restaurants across the U.S. had 50,000 payment cards stolen in two ongoing Magecart malware campaigns aimed at Harbortouch, MenuDrive, and InTouchPOS online ordering portals.
Eighty restaurants leveraging MenuDrive and 74 others using Harbortouch have been impacted by the first campaign that began in January, with the web skimmer found to be injected into the web pages of restaurants, according to a report from Recorded Future. Separate scripts for payment card data retrieval and cardholder name, email address, and phone number collection were used in the malware sent for MenuDrive systems, while only one script was used on Harbortouch.
Meanwhile, the Magecart campaign targeted at InTouchPOS began last November but most skimmer injections were discovered to have begun in January. Researchers noted that the InTouchPOS campaign involves an overlaid fake payment form instead of direct information theft from compromised sites.
Performing restaurant subdomain scanning is needed in removing skimmers in the MenuDrive and Harbortouch campaign but only a simple code comparison is required for the InTouchPOS infection, said Recorded Future.
The aviation equivalent of ASCII art, a memory safety issue in OpenSSH that might not be terrible, a format string in F5 that might be terrible, a new MITRE framework for supply chain security, programming languages and secure code
Confused about exactly what “automation” means in the world of application scanning tools? You’re not alone. From executing automatic security checks to scheduling when scans are launched, here’s a breakdown of the many ways automation enables more effective software security.