Accountability, eCommerce and Information Security

Hacking eCommerce sites based on OXID eShop by chaining 2 flaws

Security Affairs

JULY 30, 2019

Researchers at RIPS Technologies discovered vulnerabilities in the OXID eShop platform that could expose eCommerce websites to hack. Experts at RIPS Technologies discovered several flaws in the OXID eShop platform that could be exploited by unauthenticated attackers to compromise eCommerce websites. Pierluigi Paganini. Marriott, GDPR).

eCommerce

eCommerce Hacking Advertising Software

Visa warns of new sophisticated credit card skimmer dubbed Baka

Security Affairs

SEPTEMBER 6, 2020

The alert includes Indicators of Compromise and the following list of best practices and mitigation measures: • Institute recurring checks in eCommerce environments for communications with the C2s. Ensure familiarity and vigilance with code integrated into eCommerce environments via service providers.

eCommerce

eCommerce Malware Encryption Advertising

A new e-skimmer found on WordPress site using the WooCommerce plugin

Security Affairs

APRIL 12, 2020

The e-skimmer doesn’t just intercept payment information provided by the users into the fields on a check-out page. Naturally, WooCommerce and other WordPress-based ecommerce websites have been targeted before, but this has typically been limited to modifications of payment details within the plugin settings.” ” concludes Sucuri.

eCommerce

eCommerce Malware Advertising Software

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Security Affairs

NOVEMBER 15, 2019

Unlike other skimmers, Pipka has the ability to remove itself from the compromised HTML code after execution, in an effort to avoid detection, Visa notes in a security alert ( PDF ). In the cases investigated by PFD, the skimmer was configured to check for the payment account number field. ” reads the advisory published by VISA.

eCommerce

eCommerce Accountability Advertising Cybercrime

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Security Affairs

DECEMBER 20, 2023

The six-month operation (July-December 2023) targeted organizations involved in seven types of online scams: business email compromise (BEC), ecommerce fraud, investment fraud, voice phishing , money laundering associated with illegal online gambling, romance scams , and online sextortion schemes.

Scams

Scams eCommerce Banking Cybercrime

Security Affairs newsletter Round 252

Security Affairs

FEBRUARY 23, 2020

FC Barcelona and the International Olympic Committee Twitter accounts hacked. 5 Ways artificial intelligence Is Being Used to Keep Sensitive Information Secure. Uncovering New Magecart Implant Attacking eCommerce. Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts.

Artificial Intelligence

Artificial Intelligence eCommerce Hacking Advertising

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Security Affairs

JULY 28, 2019

More than 15 million payment card were issued in the US, no other nation accounted for more than 10 percent of stolen card numbers. The following graph shows that three trading posts accounted for 64 percent of the cards on offer during the first half of 2019. . AMEX accounted for 12 percent. .

eCommerce

eCommerce Marketing Advertising Accountability

Retail giant Costco discloses data breach, payment card data exposed

Security Affairs

NOVEMBER 12, 2021

The company also operates eCommerce websites for shoppers in North and South America, Europe and Asia. “We Bleeping Computer reported that some customers claim that the security breach could have taken place in February. The company recommends customers monitor their bank accounts and credit card statements for fraudulent activities.

Retail

Retail Data breaches eCommerce Hacking

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

Security Affairs

OCTOBER 15, 2019

Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce, shipping, mailing, data and financial services. “Pitney Bowes was affected by a malware attack that encrypted information on some systems and disrupted customer access to some of our services.

Ransomware

Ransomware eCommerce Advertising Financial Services

WordPress Plugin abused to install e-skimmers in e-commerce sites

Security Affairs

MAY 28, 2024

. “In essence, ecommerce sites are prime targets for hackers due to the valuable data they handle.” Use strong passwords : Ensure all accounts, including admin, sFTP, and database credentials, have strong and unique passwords. ” concludes the report.

eCommerce

eCommerce Firewall Malware Passwords

Security Affairs newsletter Round 229 – News of the week

Security Affairs

SEPTEMBER 1, 2019

White hat hacker demonstrated how to hack a million Instagram accounts. Magecart hackers compromise another 80 eCommerce sites. FIN6 recently expanded operations to target eCommerce sites. Twitter account of Jack Dorsey, Twitter CEO and co-founder, has been hacked.

eCommerce

eCommerce Data breaches Malware Advertising

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Just as it was the case in the second half of 2019, in the first half of this year, online services like ecommerce websites turned out to be the main target of web-phishers.

Phishing

Phishing Ransomware Spyware Banking

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Security Affairs

JANUARY 3, 2024

Resecurity has uncovered a cybercriminal faction known as “ GXC Team “, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. For the tool to function, the operator must input a list of compromised email accounts to be scanned.

Artificial Intelligence

Artificial Intelligence Banking Scams Cybercrime

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs

OCTOBER 20, 2020

Group-IB , a global threat hunting and intelligence company headquartered in Singapore, has assisted Paxful , an international peer-to-peer cryptocurrency marketplace, in countering a wave of web-bot and social engineering attacks, and customer account takeovers. million customers against possible attacks.

Cryptocurrency

Cryptocurrency Social Engineering eCommerce Engineering

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Security Affairs

OCTOBER 18, 2019

Pitney Bowes is a global technology company that provides commerce solutions in the areas of ecommerce , shipping, mailing, data and financial services. The global shipping and mailing services company Pitney Bowes recently suffered a partial outage of its service caused by a ransomware attack. ” reads the update shared by the company.

Ransomware

Ransomware eCommerce Advertising Financial Services

Cybercriminals are Oversharing with Social Media Data Breaches

SiteLock

AUGUST 27, 2021

Peace stole data from over 360 million Myspace accounts. The stolen data was several years old, but it is still valuable on the dark web because people often reuse passwords for multiple sites and accounts, from online banking to eCommerce accounts. Each stolen record contained an email address and password.

Data breaches

Data breaches Media Passwords Accountability

Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

Security Affairs

JANUARY 27, 2020

JavaScript-sniffers (JS-sniffers) targeting ecommerce websites is a type of malicious JavaScript code, designed to steal customer payment and personal data such as credit card numbers, names, addresses, logins, phone numbers, and credentials from payment systems, and etc. ” James Tan. Press release is available here.

Cybercrime

Cybercrime Marketing eCommerce Advertising

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. It’s important to note that we have made great progress in healthcare digital security since the early 2000s. Hopefully not.

Healthcare

Healthcare Hacking InfoSec Software

The Hacker Mind Podcast: Hacking Healthcare

ForAllSecure

JANUARY 15, 2021

I’m Robert Vamosi and this episode about best practices in information security, and how critical life services, in particular, remain at risk today -- in the middle of a global pandemic. It’s important to note that we have made great progress in healthcare digital security since the early 2000s. Hopefully not.

Healthcare

Healthcare Hacking InfoSec Software

Cybersecurity Awareness Month: Security Experts Reflect on Safety

CyberSecurity Insiders

NOVEMBER 1, 2021

“At Forter, we’ve seen a marked uptick in Account Takeovers (ATO); a form of identity fraud in which a third-party steals credentials and / or gains access to user accounts. The global pandemic has kept people home, and so many consumers have entered the world of eCommerce. How can that be?

Cybersecurity

Cybersecurity Backups Ransomware Passwords

Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 11, 2025

CVSS) in IOS XE That Enables Root Exploits via JWT Internet tracking: How and why were followed online Google to pay Texas $1.4 CVSS) in IOS XE That Enables Root Exploits via JWT Internet tracking: How and why were followed online Google to pay Texas $1.4

Spyware

Spyware Ransomware Malware DDOS

Cyber Security Informer

Hacking eCommerce sites based on OXID eShop by chaining 2 flaws

Visa warns of new sophisticated credit card skimmer dubbed Baka

Trending Sources

A new e-skimmer found on WordPress site using the WooCommerce plugin

A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Security Affairs newsletter Round 252

Over 23 million stolen payment card data traded on the Dark Web in H1 2019

Retail giant Costco discloses data breach, payment card data exposed

Global Shipping and mailing services firm Pitney Bowes hit by ransomware attack

WordPress Plugin abused to install e-skimmers in e-commerce sites

Security Affairs newsletter Round 229 – News of the week

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Pitney Bowes revealed that its systems were infected with Ryuk Ransomware

Cybercriminals are Oversharing with Social Media Data Breaches

Operation Night Fury: Group-IB helps take down a cybergang behind the infection of hundreds of websites all over the world

The Hacker Mind Podcast: Hacking Healthcare

The Hacker Mind Podcast: Hacking Healthcare

Cybersecurity Awareness Month: Security Experts Reflect on Safety

Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected