Security News > 2024 > June > Facebook PrestaShop module exploited to steal credit cards
Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.
Promokit's pkfacebook add-on is a module that allows shop visitors to log in using their Facebook accounts, leave comments under the shop's pages, and communicate with support agents using Messenger.
Hackers closely monitor for SQL injection flaws impacting webshop platforms, as those can be used to obtain administrative privileges, access or modify data on the site, extract database contents, and rewrite SMTP settings to hijack emails.
Roughly two years back, PrestaShop issued an urgent warning and hotfix against attacks targeting modules vulnerable to SQL injection to achieve code execution on targeted sites.
SolarWinds Serv-U path traversal flaw actively exploited in attacks.
CISA warns of actively exploited Linux privilege elevation flaw.