Collaborate Disseminate
Over two dozen third-party ecommerce plugins contain zero-day vulnerabilities being exploited in a recent Magecart campaign. Continue reading Magecart Cybergang Targets 0days in Third-Party Magento Extensions
Whatever Magecart is, it’s been blamed for several high-profile payment card breaches this summer. Continue reading Payment skimmers sneaking on to websites via third party code
The groups of attackers who specialize in injecting payment card skimmer code called Magecart into online shops managed to compromise a third-party customer rating plugin called Shopper Approved that’s used by thousands of websites. The compromi… Continue reading Magecart Injects Skimmer Code in Customer Rating Widget
The breach also impacted hundreds of Shopper Approved’s customers. Continue reading Magecart Group Targets Shopper Approved in Latest Attack
Researchers with RiskIQ say they have uncovered and helped resolve a credit card-skimming threat that targeted a third-party web app that manages customer reviews. The company attributes the threat to Magecart, a loosely associated set of hacking groups that exploit vulnerabilities in widely used third-party scripts. Magecart has been linked to similar payment data breaches with Ticketmaster UK, Newegg, British Airways and others. But Yonathan Klijnsma, head researcher at RiskIQ, explained to CyberScoop that Magecart is more of an umbrella term to describe the independent groups that exchange and imitate other groups’ procedures. In this case, RiskIQ says that a tool made by e-commerce software company Shopper Approved was compromised by Magecart threat actors, giving them the ability to skim payment information from the checkout pages of “a few hundred” online stores using the tool. RiskIQ labels this Magecart group “Group 5” and says it’s the same one that targeted Ticketmaster. The tool […]
The post Magecart group compromises customer ratings tool, affecting ‘hundreds’ of online stores appeared first on Cyberscoop.