For Magecart groups and other credit-card skimmers, old and new opportunities abound
The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.
Advertisement
RiskIQ
Evidence suggests Russia’s SVR is still using ‘WellMess’ malware, despite US warnings
It's less clear what APT29 might be doing with the hacking tool, after allegedly using it last summer to try to steal COVID-19 research.
How scammers use faked news articles to promote coronavirus ‘cures’ that only defraud victims
It's the latest effort to separate anxious web users from their hard-earned cash.
Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands
The damage could have been worse if the attack had been targeted.
Magecart hackers have spent weeks lurking on NutriBullet’s website
The compromise was ongoing as of this article's publication, according to RiskIQ.
Magecart strikes more than 2 million websites as more groups get involved
Scammers seem only to be accelerating their attacks as attention grows.
Advertisement
Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says
The crooks are scanning the web for vulnerable Amazon Web Services S3 buckets, according to security vendor RiskIQ.
Gift-card scheme went well beyond Wipro hack, RiskIQ reports
RiskIQ has found at least five different attack campaigns tied to the perpetrators of the apparent Wipro breach.
Magecart’s ‘shotgun approach’ to payment card theft is wreaking havoc on e-commerce sites
Flashpoint detailed an active Magecart-style campaign sweeping up data from more than 100 sites.
New ‘Magecart’ group used ad plugin to steal payment data from hundreds of websites
The attack bears similarity to Magecart activity, but researchers say a new Magecart group is behind it.