Web Services Security, E-Commerce Security news, articles & updates| SC Media

Web Services Security, E-Commerce Security

hotel

Hotel websites infected with skimmer via supply chain attack

A Magecart card-skimming campaign this month sabotaged the mobile websites of two hotel chains by executing a supply chain attack on a third-party partner, researchers have reported. The third party in both instances was Roomleader, a Barcelona-based provider of digital marketing and web development services. One of the ways Roomleader helps hospitality companies build out…

Miscreants infected a poker player's laptop malware that monitored his every online gambling move.

New way to lose at poker? Card game domains infected with Magecart skimmer

Cybercriminals are upping the ante when it comes to compromising websites with Magecart payment card skimmers, as evidence by the recent discovery of two infected web domains used by poker enthusiasts. A Malwarebytes blog post this week identified the two affected web pages as pokertracker.com and its subdomain pt4pokertracker.com. Both are related to a software…

Data dump suggests that Evite data breach affected 100M accounts

A new addition to the data breach reference website “Have I Been Pwned?” seemingly reveals that more than 100 million accounts were compromised in this year’s data breach of the event-planning service Evite. “Have I Been Pwned?” founder Troy Hunt added a database of 100,985,047 affected accounts to his site on July 14, and in…

Magecart group compromises 17,000 domains by overwriting Amazon S3 buckets

One of the “Magecart” cybercriminal groups has infected more than 17,000 web domains with JavaScript-based payment card-skimming code by developing an automated process for finding and compromising misconfigured Amazon S3 buckets, researchers have reported. “These actors automatically scan for buckets which are misconfigured to allow anyone to view and edit the files it contains,” writes…

Automated Magecart campaign infects 962 online stores

A July 4 Magecart card-skimming attack successfully infiltrated 962 online stores in what researchers are calling the largest 24-hour automated Magecart campaign to date. Researchers from Sanguine Security Labs who detected the attack reported it via Twitter, and uploaded the JavaScript-based skimmer code to GitHub. Sanguine Security researcher Willem de Groot told BleepingComputer that the campaign…

Fake Facebook political pages tricked Libyans into downloading RATs

A mysterious hacker has for years been tricking Libyan citizens into infecting themselves with mobile and desktop malware by luring them to weaponized Facebook pages that impersonate key local figures and purport to deliver news of interest to the civil war-torn nation’s people. Researchers from Check Point Software Technologies have traced the campaign – dubbed…

Data management firm exposed client info on open Amazon S3 buckets: researchers

Data from Netflix, TD Bank, Ford and other companies was left exposed for an unknown period of time on publicly configured cloud storage buckets operated by data integration and management company Attunity, according to the research team that discovered the error. A researcher from UpGuard’s Data Breach Research team found the three publicly accessible Amazon…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…

Federal agencies still using insecure knowledge-based verification for online services

A performance audit of six U.S. government agencies found that four of them are still using knowledge-based questions to verify the identities of individuals applying for federal benefits or services, even though this practice is considered outdated and insecure, especially in light of the 2017 Equifax breach. Knowledge-based verification questions are typically created by credit…

Cyber gangs battle to take down Xbox and PlayStation gaming networks for Christmas.

Gaming industry has become popular target of credential stuffing attacks: study

A company’s recent analysis of credential abuse activity over a 17-month period uncovered roughly 55 billion credential stuffing attack attempts against various online services, roughly 12 billion of which targeted the gaming industry. Researchers at Akamai Technologies revealed the data in their latest State of the Internet/Security report, which specifically focuses on web attacks and…

Next post in Security News