Hackers have breached the infrastructure of Volusion, a provider of cloud-hosted online stores, and are delivering malicious code that records and steals payment card details entered by users in online forms.
At the time of writing, the malicious code is still on Volusion's servers and is still being delivered to all of the company's client stores.
* * *
The incident is what cyber-security experts call a Magecart attack or web card skimming, where crooks steal payment card details from online shops, rather than ATMs. These types of hacks have been happening for years, but they've intensified over the past two.
Most Magecart attacks take place when hackers use vulnerabilities in self-hosted stores to plant skimmer code on outdated online shops.
But, sometimes, hackers also manage to breach cloud-based platforms -- like Volusion -- or companies that provide widgets, analytics, ads, or other secondary services to online stores.
Were you following this:
Russian hackers modify Chrome and Firefox to track secure web traffic
Toms Shoes' Mailing List Hacked to Tell Users to Log Off - VICE
Too often, hackers use their skills to steal cash or make someone's day very difficult . But sometimes, hackers just want to send a message . On Sunday, one hacker used the mailing list of retailer TOMS Shoes to tell users it's time to log off.
Nathan wouldn't specify how they broke into the TOMS account, but said it was easy. They also had a message for other hackers who may have other motivations.
Shifting allegiances of hackers causing confusion for defense efforts - TechRepublic
"Leaders have to anticipate and prepare for larger, more numerous attack surfaces, additional security challenges, and new opportunities for attackers! Volusion® Official Site - Success Starts at Volusion® www. volusion ...The ...One Solution with Unlimited 24/7 Support. Start your Free Trial Now! Mobile Commerce Ready · Customizable Store Design Ecommerce Software & Shopping Cart Solutions by Volusion Trusted by 40000+ businesses. FREE 14-day trial, no credit card ...!! Given all this, cybersecurity and risk management can no longer be just the province of IT professionals and network administrators," said David Petraeus, a retired US Army General and Optiv board member.
"CEOs, corporate board members, CISOs, and other executives have to make cybersecurity 'C-suite business' in order to ensure their companies secure what they have, while enabling continuous business and operational change and keeping pace with ever-changing threats in order to identify and thwart would-be hackers and respond rapidly to malicious activity."
Citing data from the Privacy Rights Clearinghouse and FBI, the Optiv report said there were 50,642 personal breaches, 2,480 corporate data breaches and 828 major data hacks that made 1.3 trillion records public in 2018.
And here's another article:
How to keep hackers away
But the oversharing doesn't end there. While shopping online is convenient, never allow a website to store your credit card information; even your fitness tracker can be a liability.
One study showed if you wear it while entering your phone passcode or ATM pin, hackers can use that motion information to guess your code with more than 90% accuracy.
WhatsApp had a bug that let hackers take over phones with a GIF | FOX6Now.com
WhatsApp has fixed a security bug that allowed hackers to take over the messaging app with a malicious GIF.
The hack could be triggered when a user opened a malicious GIF in their gallery. After the GIF was opened, the app’s contents could have been exploited, revealing previous chat history.
Devices running Android 8.1 and 9 could have been susceptible to the hack. A researcher called Awakened discovered the vulnerability and wrote about it in a blog post last week.
WhatsApp, which is owned by Facebook, released a patch last month, though it said it’s unlikely anyone was actually hacked using the technique Awakened revealed.
“We have no reason to believe this affected any users, though of course, we are always working to provide the latest security features to our users,” a WhatsApp spokesperson told CNN Business.
Hackers breach Volusion and start collecting card details from thousands of site https://t.co/woMyURLQJa by @campuscodi ZDNet (from USA | UK | Asia | Australia) Tue Oct 08 19:38:43 +0000 2019
Researchers find that hackers have breached Volusion, a Shopify rival, delivering malicious JavaScript code to betw… https://t.co/9uUwblEv3b Techmeme (from United States) Tue Oct 08 20:01:45 +0000 2019
A reminder that, yes, the Trump Campaign once hired CrowdStrike to investigate a malware incident and a potential b… https://t.co/ZSAQYTcCrh RidT (from Washington, DC) Mon Sep 30 13:04:41 +0000 2019
Breaking: Microsoft says it has seen Iranian hackers try to breach a US presidential campaign. Bing_Chris (from Washington DC) Fri Oct 04 16:05:32 +0000 2019
No comments:
Post a Comment