A week in security (July 29 – August 4)

A roundup of security news from July 29 – August 4 including Capital One breach, Lord Exploit Kit, more Magecart skimming, ATM attacks, QR code scams, and Equifax payout.

Categories:

Tags:

(Read more…)

The post A week in security (July 29 – August 4) appeared first on Malwarebytes Labs.

No summer break for Magecart as web skimming intensifies

Despite the heat, criminals are hard at work stealing credit card data from unaware shoppers. July marks a notable increase in web skimmer attacks over previous months.

Categories:

Tags:

(Read more…)

The post No summer break for Magecart as web skimming intensifies appeared first on Malwarebytes Labs.

A week in security (July 15 – 21)

A roundup of cybersecurity news from July 15–21, including the Zoom camera vulnerability, Extenbro, Sodinokibi, Magecart, and cybersecurity challenges facing the education sector.

Categories:

Tags:

(Read more…)

The post A week in security (July 15 – 21) appeared first on Malwarebytes Labs.

No man’s land: How a Magecart group is running a web skimming operation from a war zone

We take a look into a Magecart group’s web skimming activities, which are relying on a bulletproof-friendly host in battle-scarred Luhansk, Ukraine to provide cover for their activities, safe from the reach of law enforcement and the security community.

Categories:

Tags:

(Read more…)

The post No man’s land: How a Magecart group is running a web skimming operation from a war zone appeared first on Malwarebytes Labs.

Skimmer acts as payment service provider via rogue iframe

Even e-commerce sites that do not take payment information themselves can be abused by crooks. In this post, we show how a web skimmer is able to inject an artificial iframe into the checkout page to prompt users for their credit card information. Victims will only realize something’s not right when they are redirected to the real (and external) payment form.

Categories:

Tags:

(Read more…)

The post Skimmer acts as payment service provider via rogue iframe appeared first on Malwarebytes Labs.

New Golang brute forcer discovered amid rise in e-commerce attacks

E-commerce sites are a hot commodity these days. We dig into how compromised PCs are helping to hack into them to inject skimmers, whether via vulnerabilities in the websites themselves or through a new malware we discovered gaining entry via brute force.

Categories:

Tags:

(Read more…)

The post New Golang brute forcer discovered amid rise in e-commerce attacks appeared first on Malwarebytes Labs.

Web skimmers compete in Umbro Brasil hack

In this web skimming match between two Magecart groups, there can only be one winner.

Categories:

Tags:

(Read more…)

The post Web skimmers compete in Umbro Brasil hack appeared first on Malwarebytes Labs.

A week in security (September 24 – 30)

A roundup of the security news from September 24–30 including phishing, Apple woes, a vulnerability in the wild, e-commerce attacks, phone spam, and a massive Facebook breach.

Categories:

Tags:

(Read more…)

The post A week in security (September 24 – 30) appeared first on Malwarebytes Labs.