Security News

The hacking spree targeting underground marketplaces has claimed another victim as a database from card shop Swarmshop emerged on another forum. By the looks of it, the leak contains the records of the entire Swarmshop community along with all the stolen card data traded on the forum.

Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. Throughout the last year, VISA has seen a growing trend of web shells being used to inject JavaScript-based scripts known as credit card skimmers into hacked online stores in web skimming attacks.

Magecart attackers have found a new way to hide their nefarious online activity by saving data they've skimmed from credit cards online in a.JPG file on a website they've injected with malicious code. "The creative use of the fake.JPG allows an attacker to conceal and store harvested credit card details for future use without gaining too much attention from the website owner," he wrote.

Hackers have come up with a sneaky method to steal payment card data from compromised online stores that reduces the suspicious traffic footprint and helps them evade detection. Instead of sending the card info to a server they control, hackers hide it in a JPG image and store it on the infected website.

Attackers are abusing Google's Apps Script business application development platform to steal credit card information submitted by customers of e-commerce websites while shopping online. They take advantage of the fact that online stores would consider Google's Apps Script domain as trusted and potentially whitelisting all Google subdomains in their sites' CSP configuration.

MalwareBytes is reporting a weird software credit card skimmer. Even though spotting multiple card skimmer scripts on the same online shop is not unheard of, this one stood out due to its highly specialized nature.

Visa announced the availability of a new benefit for its Visa consumer credit accountholders in the U.S. Consumers with Visa Infinite, Visa Signature or Visa Traditional credit cards can now enroll and take advantage of a complimentary offer and discounts on products and services from NortonLifeLock. "The past year has brought tremendous change in the way people are using their Visa credit cards and associated benefits," said Brian Cole, head of product, NA, Visa.

A threat actor has infected an e-commerce store with a custom credit card skimmer designed to siphon data stolen by a previously deployed Magento card stealer. Credit card skimmers are JavaScript scripts that cybercrime groups known as Magecart groups inject into hacked e-commerce sites as part of web skimming attacks.

The administrator of Joker's Stash, a popular and one of the longest-running marketplace for cybercriminals to purchase stolen credit cards, announced on Friday that they would permanently shut down the operation next month. The illegal card shop opened in 2014 and became famous for providing fresh stolen credit card data and a promise of card validity; some of the cards were touted to be exclusive to Joker's Stash.

The administrator of Joker's Stash, a popular and one of the longest-running marketplace for cybercriminals to purchase stolen credit cards, announced on Friday that they would permanently shut down the operation next month. The illegal card shop opened in 2014 and became famous for providing fresh stolen credit card data and a promise of card validity; some of the cards were touted to be exclusive to Joker's Stash.