Website/Web Server Security news, articles & updates| SC Media

Website/Web Server Security

Magecart group compromises 17,000 domains by overwriting Amazon S3 buckets

One of the “Magecart” cybercriminal groups has infected more than 17,000 web domains with JavaScript-based payment card-skimming code by developing an automated process for finding and compromising misconfigured Amazon S3 buckets, researchers have reported. “These actors automatically scan for buckets which are misconfigured to allow anyone to view and edit the files it contains,” writes…

Automated Magecart campaign infects 962 online stores

A July 4 Magecart card-skimming attack successfully infiltrated 962 online stores in what researchers are calling the largest 24-hour automated Magecart campaign to date. Researchers from Sanguine Security Labs who detected the attack reported it via Twitter, and uploaded the JavaScript-based skimmer code to GitHub. Sanguine Security researcher Willem de Groot told BleepingComputer that the campaign…

Fake Facebook political pages tricked Libyans into downloading RATs

A mysterious hacker has for years been tricking Libyan citizens into infecting themselves with mobile and desktop malware by luring them to weaponized Facebook pages that impersonate key local figures and purport to deliver news of interest to the civil war-torn nation’s people. Researchers from Check Point Software Technologies have traced the campaign – dubbed…

Some of the biggest tech and internet corporations began releasing updated transparency reports.

Reports: Hacking accusations debunked after leak of New Zealand budget plan

Accusations from New Zealand’s Treasury department that someone had hacked the agency’s website and stole budget plans that was later leaked to the public turned out to be premature, after investigators reportedly determined that individuals were able to access the documentation due to website error. After details of a forthcoming budget plan promised by New…

Report: Hacking group wipes content from over 12,000 open MongoDB databases

In less than a month’s time, the “Unistellar” hacking group has reportedly accessed over 12,000 unsecured MongoDB databases and stolen their contents, apparently holding them for ransom. Security researcher Sanyam Jain initially discovered the wiped databases late last month using the BinaryEdge scanning service, according to a BleepingComputer report last Friday. The 12,564 sabotaged databases…

Tor network remains unsure how feds discovered and shut down Silk Road 2.0

Sites infected as open source Alpaca Forms and analytics service Picreel compromised

Hackers have breached two services and modified their JavaScript code to infect more than 4,600 websites with malware, according to security researchers. The attacks were initially discovered by security researcher Willem de Groot. In a series of tweets, he said that Picreel, an analytics service that enables website owners to see what users are doing and…

DNSpionage actors adjust tactics, debut new remote administration tool

The actors responsible for the DNSpionage DNS hijacking campaign have altered some of their tactics, techniques and procedures (TTPs), introducing a new reconnaissance phase as well as a new malicious remote administration tool called Karkoff. Discovered last November, the operation primarily targets Lebanon- and United Arab Emirates-affiliated .gov domains, commandeering the websites’ DNS servers so…

Magecart hackers force turnover, steal data from Atlanta Hawks’ online shop

Cybercriminals using Magecart card-skimming code attacked the online store of the NBA’s Atlanta Hawks, stealing customers names, addresses and payment card numbers. The Sanguine Labs team at Sanguine Security identified the offending code on the store’s checkout page on Saturday April 20, according to a post on the security company’s website. But research from RiskIQ…

Drupal releases correct four moderately critical third-party vulnerabilities

Drupal this week issued a series of security releases to fix four “moderately critical” vulnerabilities, three related to the content management system’s Symfony PHP web application framework and a fourth involving the jQuery project JavaScript library. The three Symfony issues consist of: A cross-site scripting bug caused by the failure of validation messages in the…

Report: Ecuadorian websites besieged by cyberattacks following Julian Assange’s arrest

Since Julian Assange’s arrest and removal from London’s Ecuadorian embassy last week, the websites of Ecuador’s public institutions have been subjected to roughly 40 million cyberattacks, Agence France-Presse reported yesterday. The attacks have primarily originated from the U.S., Brazil, Ecuador itself, and European nations including the Netherlands, Germany, Romania, France, Austria and the UK, said…

Next post in Security News