Displaying items by tag: Magecart

Web acceleration and security provider Cloudflare's new Page Shield feature aims to protect sites and their users from malicious code introduced through third-party dependencies.

Senior threat researcher Yonathan Klijnsma of the firm RiskIQ has died a few days short of his 30th birthday, with the talented hacker meeting his end at the hands of cancer.

Global content delivery network Akamai has launched Page Integrity Manager, an edge service that can be embedded into Web pages to protect against JavaScript threats such as Web skimming, formjacking and Magecart attacks.

Security outfit RiskIQ says it has found a new variant of the cyber-crime syndicate Magecart which is has named MakeFrame due to the fact that it creates iframes for skimming payment data from websites.

Security firm RiskIQ says it has tried several times to contact blender manufacturer NutriBullet to inform the latter of a JavaScript skimmer that was noticed on its international website on 20 February — an attack that has been identified as being carried out by one of the Magecart groups, in this case Group 8 — but has not heard back from the blender manufacturer.

Three men, identified only by their initials, have been arrested in Indonesia on suspicion of using Magecart-style attacks to steal digital data in Indonesia.

A cyber crime syndicate known as Magecart, which is made up of dozens of sub-groups that indulge in credit card theft by skimming online payment forms, has been found to be implicated in more than two million such attacks.

Sites that have been decommissioned due to attacks by the card-skimming attack group Magecart are being hijacked and re-used for other malicious activity once they come back online by a secondary group of cyber criminals, the security firm RiskIQ claims.

The subscription site for Forbes magazine has been the victim of the card-skimming attack group Magecart, with the well-known website leaking card data on Wednesday until the attack was noticed and the site taken down.

Malicious attackers have used the GitHub code repository for hosting credit card skimmers which are known as Magecart, the security firm Malwarebytes says, adding that new e-commerce websites are being attacked every day.

Customers of Dutch clothing company OppoSuits have been warned to monitor their credit card accounts after the firm reported that malware planted on its website could have stolen the details of customers who made purchases from its Australian, Canadian, EU and UK websites.

Financial data stolen from British Airways in a recent attack by a group known as Magecart is being hawked on the dark web, the researchers who attributed the attack claim.

British Airways has updated its advice on a breach of customer data, saying the payments cards of another 185,000 people could be affected, in addition to the 380,000 first mentioned.

Security firm RiskIQ has discovered another case of a site breach by the group Magecart, this time against Shopper Approved, a customer rating plugin that is used on thousands of ecommerce sites.

The American security firm Symantec says it has blocked nearly a quarter of a million attempts at what it calls "formjacking" — use of malicious JavaScript to steal credit card details and other information from payment forms on the checkout Web pages of e-commerce sites — since mid-August.

The malicious attacker, or attackers, known as Magecart, who infiltrated the British Airways website last month, have now attacked online retailer Newegg using a new domain named neweggstats.com that they registered in August.

Security firm RiskIQ has claimed that the breach of the British Airways website was carried out by a group known as Magecart which was also responsible for infiltrating the Ticketmaster UK website earlier this year.