Security News

Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. These attacks can go undetected for weeks or even several months, and depending on the popularity of the breached e-commerce platforms, cybercriminals can collect large numbers of payment card details.

The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. BidenCash launched in early 2022 as a new marketplace on both the dark web and the clearnet, selling credit and debit cards that were stolen through phishing or skimmers on e-commerce sites.

Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach. The credit card details exposed in the breach include card numbers, expiration dates, and the 3-digit CVV code on the back of the payment cards.

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The...

A new Magecart card skimming campaign hijacks the 404 error pages of online retailer's websites, hiding malicious code to steal customers' credit card information. All websites feature 404 error pages that are displayed to visitors when accessing a webpage that does not exist, has been moved, or has a dead/broken link.

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "Represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report published last week.

Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. In a new data breach notification issued yesterday, iOttie says they discovered on June 13th that its online store was compromised between April 12th, 2023, and June 2nd with malicious scripts.

The number of stolen Asian credit card numbers appearing on darkweb crime marts has fallen sharply, cyber security firm Group-IB told Singapore's ATxSG conference on Thursday. Out of 29 million compromised accounts found on sale on the dark web, over 12 million featured top level domains related to India.

A new Magecart credit card stealing campaign hijacks legitimate sites to act as "Makeshift" command and control servers to inject and hide the skimmers on targeted eCommerce sites. A Magecart attack is when hackers breach online stores to inject malicious scripts that steal customers' credit cards and personal information during checkout.

The U.S. Department of Justice announced today the indictment of Russian citizen Denis Gennadievich Kulkov, suspected of running a stolen credit card checking operation that generated tens of millions in revenue. Kulkov is believed to have created the Try2Check underground service in 2005, a platform that soon became highly popular among cybercriminals in the illegal credit card trade and helped the suspect make at least $18 million in bitcoin.