Category Archives: Magento

The Wild West of drive-by cryptocurrency mining

Posted on by

As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ latest figures, their AV solution blocked an average of 8 million cryptojacking attempts per day from late September to late October. And that’s just the attempts tied to Coinhive domains and proxies! Censys’s search engine reveals that nearly 900 of the top one million most visited sites runs the Coinhive script. … More Continue reading The Wild West of drive-by cryptocurrency mining

GameStop Online Shoppers Officially Warned of Breach

Posted on by

Some customers are irked it took GameStop months to inform them that their personal and financial information could have been compromised in a breach of GameStop.com that began in August 2016. Continue reading GameStop Online Shoppers Officially Warned of Breach

Trump’s Dumps: ‘Making Dumps Great Again’

Posted on by

It’s not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for these shops that run continuously on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald character from McDonald’s and caters to bulk buyers. Exhibit B: Uncle Sam’s dumps shop, which wants YOU! to buy American. Today, we’ll look at an up and coming credit card shop called Trump’s-Dumps, which invokes 45’s likeness and promises to “make credit card fraud great again.” Continue reading Trump’s Dumps: ‘Making Dumps Great Again’

Trump’s Dumps: ‘Making Dumps Great Again’

Posted on by

It’s not uncommon for crooks who peddle stolen credit cards to seize on iconic American figures of wealth and power in the digital advertisements for these shops that run continuously on various cybercrime forums. Exhibit A: McDumpals, a hugely popular carding site that borrows the Ronald McDonald character from McDonald’s and caters to bulk buyers. Exhibit B: Uncle Sam’s dumps shop, which wants YOU! to buy American. Today, we’ll look at an up and coming credit card shop called Trump’s-Dumps, which invokes 45’s likeness and promises to “make credit card fraud great again.” Continue reading Trump’s Dumps: ‘Making Dumps Great Again’

Defeating Magento security mechanisms: Attacks used in the real world

Posted on by

DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches. In light of these findings, this article describes examples of several attacks used in the real world that combine common vulnerabilities with faulty security mechanisms in Magento, leading to an unfavourable outcome. Examples will be aimed at Magento 2, but most of them can be applied … More Continue reading Defeating Magento security mechanisms: Attacks used in the real world

Magento-based online shops hit with self-healing malware

Posted on by

Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de Groot. De Groot is the co-founder of byte.nl, a webhosting provider for (among other things) Magento shops, and he was recently made aware of an interesting new attack pattern spotted by Magento/PHP developer Jeroen Boersma. The latter discovered a suspicious database trigger on a compromised online shop. The … More Continue reading Magento-based online shops hit with self-healing malware