Magecart presents an unprecedented threat: Here’s what you can do

On Tuesday we learned that the previously disclosed Ticketmaster UK breach from a few weeks ago was not a one-off event but instead part of a widespread website digital credit card skimming operation that impacted over 800 ecommerce sites around the wo…

Ticketmaster breach part of massive credit card skimming campaign

RiskIQ researchers have discovered that the recent breach of Ticketmaster was not a one-off event as initially reported, but part of a massive digital credit card-skimming campaign by the threat group Magecart affecting over 800 e-commerce sites around…

Phishers target panicking PayPal users with fake “failed transaction” emails

With the end-of-the-year holidays quickly approaching and many users worrying whether the gifts they bought online will be delivered in time for the festivities, an email from PayPal saying their transactions were impossible to verify or their payments…

How Magecart attackers monetize stolen payment card info

The Magecart campaign, aimed at compromising online shops with malicious JavaScript code to collect payment card info, is still going strong, and researchers have pinpointed another way threat actors behind it monetize the stolen information. First spotted in October 2016 by RiskIQ and ClearSky researchers, Magecart mainly hits e-commerce sites running outdated and unpatched versions of shopping cart software from Magento, Powerfront, and OpenCart. After gaining access to the web platforms, the attackers change the …

Connected devices and the future of payments

More than 80 percent of Americans have a strong interest in using connected devices to make purchases, with a keen eye toward security and data concerns, according to Visa and Pymnts. More spending, across more devices, in less time As the use of voice-controlled assistants and wearable devices becomes more commonplace, consumers are citing adoption benefits such as saving time, more frictionless payments, and efficiency with day-to-day tasks. With benefits such as these, it is …

6000+ compromised online shops – and counting

A week ago, RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates payment card information users enter to pay for their shopping. But, as it turns out, that was just the tip of the iceberg. The number of compromised online shops keeps rising Willem de Groot, co-founder of byte.nl, a webhosting provider for (among other things) Magento shops, has …

100+ online shops compromised with payment data-stealing code

Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping. According to RiskIQ and ClearSky researchers, the campaign – which they dubbed Magecart – is still ongoing, albeit at a reduced scope and pace. Since March, the threat actor behind it has compromised more than 100 …

UK: Financial fraud soars

More than 1 million incidents of financial fraud – payment card, remote banking and cheque fraud – occurred in the first six months of 2016, according to official figures released by Financial Fraud Action UK. To compare, in the first six months of 2015 there were a little over 660,000 cases. “Banks and other financial service providers work hard to protect their customers, using highly sophisticated security systems. Last year, banks stopped £7 in £10 …

Dwolla fined $100,000 for deceiving customers about data safety

Online payment platform Dwolla has been ordered by the Consumer Financial Protection Bureau (CFPB) to pay a $100,000 fine for deceiving consumers about its data security practices and the safety of its online payment system. US-based Dwolla has been operating since late 2009 and now has over 650,000 users who, in order to use the service, have to share sensitive personal and financial information with the company through its website and mobile apps. “From December 2010 …