A new skimmer uses WebSockets and a fake credit card form to steal sensitive data

A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data. Continue reading A new skimmer uses WebSockets and a fake credit card form to steal sensitive data

Cyber Security Roundup for November 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, October 2020.
London’s Hackney Borough Council has been tight-lipped about “a serious cyber-attack” which… Continue reading Cyber Security Roundup for November 2020

Cyber Security Roundup for November 2020

A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, October 2020.
London’s Hackney Borough Council has been tight-lipped about “a serious cyber-attack” which… Continue reading Cyber Security Roundup for November 2020

GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal. Continue reading GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers

Client-Side Protection is Key to Web Application Security

The Open Web Application Security Project (OWASP) Foundation defines script attacks as a "type of injection in which malicious scripts are injected into otherwise benign and trusted websites." From the perspective of the user, malicious code is… Continue reading Client-Side Protection is Key to Web Application Security

Client-Side Protection is Key to Web Application Security

The Open Web Application Security Project (OWASP) Foundation defines script attacks as a "type of injection in which malicious scripts are injected into otherwise benign and trusted websites." From the perspective of the user, malicious code is coming from trusted websites. Recently popularized by Magecart hacker groups, script attacks have focused on the web skimming of cookies, tokens, and — most commonly — personally identifiable information (PII) such as payment information, medical records, and other types of sensitive information. Continue reading Client-Side Protection is Key to Web Application Security

Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach

JM Bullion fell victim to a payment-card skimmer, which was in place for five months. Continue reading Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike. Continue reading Experts Weigh in on E-Commerce Security Amid Snowballing Threats