9 matches found
Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?
Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!
An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known ...
How to Reduce the Risk of Buy Now, Pay Later Fraud
According to a recent FinTech trends report, 2022 is expected to be a big year for Buy Now, Pay Later BNPL. Apple’s recent announcement of its entry into BNPL with Apple Pay Later represents a seismic boom for a sector which is projected to top $1 trillion in annual gross merchandise volume by...
CronRAT: A New Linux Malware That's Scheduled to Run on February 31st
Researchers have unearthed a new remote access trojan RAT for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "enables server-sid...
The many tentacles of Magecart Group 8
This blog post was authored by Jérôme Segura During the past couple of years online shopping has continued to increase at a rapid pace. In a recent survey done by Qubit, 70.7% of shoppers said they increased their online shopping frequency compared to before COVID-19. Criminals gravitate towards...
Magecart Goes Server-Side in Latest Tactics Changeup
Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The skimmers are still “very...
Digital skimmers: What are they and how can I keep my card details safe online?
A few weeks ago, British Airways was hit by the largest ever regulatory fine of its kind, after global customers visiting its website had their card data stolen. The $228m penalty levied by the UK’s privacy watchdog reflects the seriousness of the attack and the carrier’s failure to protect its...
New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep
Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep. Magecart is an umbrella term researchers gave to at least 11 different hacking groups that are specialized in implanting malware code ...
Malwarebytes’ 2019 security predictions
Every year, we at Malwarebytes Labs like to stare into our crystal ball and foretell the future of malware. Okay, maybe we don't have a crystal ball, but we do have years and years of experience in observing trends and sensing shifts in patterns. When it comes to security, though, we can only kno...