CyCognito Report Highlights Rising Cybersecurity Risks in Holiday E-Commerce

November 26, 2024 at 11:24AM CyCognito released a report highlighting security risks for ecommerce platforms during the holiday shopping season, noting increased threats to customer data. With vulnerabilities in web applications, retailers must prioritize security checks to avoid potential data breaches and disruptions. Key issues include lack of HTTPS, WAF protections, and trust certificate validity. … Read more

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information

November 18, 2024 at 06:03AM A phishing campaign, attributed to a Chinese group named SilkSpecter, targets e-commerce shoppers in Europe and the U.S. ahead of Black Friday. Using fake sites mimicking brands, it aims to steal personal information and financial data through bogus discounts and SEO strategies. Victims may also face follow-up attacks. **Meeting Takeaways: … Read more

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

October 10, 2024 at 04:00AM Researchers have uncovered a new malware campaign involving the Mongolian Skimmer, using Unicode obfuscation to hide its code. Targeting e-commerce, the skimmer collects sensitive data via an inline script. It employs various techniques to evade detection and ensure broad browser compatibility, even coordinating with other threat actors for profit sharing. … Read more

Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data

August 16, 2024 at 12:41PM Widespread misconfiguration in Oracle NetSuite’s SuiteCommerce ERP platform has exposed customer data on thousands of websites. The issue, uncovered by AppOmni, allows unauthorized access to sensitive data due to misconfigured access controls on custom record types. NetSuite urged customers to review their security settings, as SaaS security programs need more … Read more

New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites

June 26, 2024 at 05:33AM The credit card web skimmer, Caesar Cipher Skimmer, is targeting CMS platforms like WordPress, Magento, and OpenCart. It operates by injecting obfuscated malware into e-commerce sites to steal financial information. The skimmer uses various methods to conceal its activities and can adapt its responses based on the website it infects. … Read more

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

June 26, 2024 at 01:01AM Google has blocked ads for e-commerce sites using Polyfill.io due to a supply chain attack. The Chinese company Funnull acquired the domain and altered the JavaScript library to redirect users to malicious sites, impacting over 110,000 sites. Concerns have been raised about the security and maintenance of the library, prompting … Read more

Facebook PrestaShop module exploited to steal credit cards

June 23, 2024 at 03:08PM Hackers are exploiting a flaw in the pkfacebook module for PrestaShop to deploy a card skimmer and steal credit card details from vulnerable e-commerce sites. The flaw, tracked as CVE-2024-36680, allows for SQL injection vulnerabilities. Promokit claims the flaw was fixed, but Friends-Of-Presta warns of active exploitation and recommends specific … Read more

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

June 20, 2024 at 05:32PM A critical vulnerability, “CosmicSting” (CVE-2024-34102), affecting Adobe Commerce and Magento websites, poses a major security threat. Despite a security update being available, the majority of impacted sites remain unpatched, leaving them open to severe attacks. Administrators are urged to apply the recommended fixes immediately, with specific versions provided. For those … Read more

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites

May 28, 2024 at 02:45AM Unknown threat actors are exploiting WordPress’s Dessky Snippets plugin, with over 200 active installations, to insert PHP credit card skimming malware into compromised sites. The malware manipulates WooCommerce’s checkout process to steal credit card details, exfiltrating them to a specific URL. This underscores the need for WordPress site owners, especially … Read more

New Case Study: The Malicious Comment

May 7, 2024 at 07:45AM A ‘Thank you’ comment on a retailer’s page concealed a malicious vulnerability, allowing hackers to steal shoppers’ personal information. The continuously updated web threat management solution from Reflectiz detected and mitigated the threat. Regulatory compliance such as GDPR is crucial to avoid hefty fines and reputational damage. Protect your website … Read more