Security News

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
2024-10-10 07:18

Cybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer. "At first glance, the thing...

WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
2024-05-28 06:30

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign,...

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
2024-04-06 09:43

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been...

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft
2023-12-22 16:47

Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming...

Rise in automated attacks troubles ecommerce industry
2023-11-17 04:00

Automated attacks on application business logic, carried out by sophisticated bad bots, were the leading threat for online retailers, according to Imperva. In the past year, business logic attacks made up 42.6% of attacks on retail sites - up from 26% during the same period in the prior year.

Cyberattacks Targeting E-commerce Applications
2023-08-28 11:27

To the importance of application security testing, we will also discuss the different areas of vulnerability testing and its various phases. Finally, we will provide details on how a long-term preventative solution such as PTaaS can protect e-commerce businesses and the differences between continuous testing and standard pen testing.

The road ahead for ecommerce fraud prevention
2023-08-17 04:30

Ecommerce platforms are incorporating sophisticated fraud detection measures, but fraudsters, too, are refining their strategies. In this Help Net Security interview, Eduardo Mônaco, CEO at ClearSale, explains the complexities of ecommerce fraud, discussing the evolution of fraudster tactics, the effectiveness of social footprint analysis in confirming identity, the balance between fraud prevention and customer experience, and techniques to address more advanced fraud types.

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability
2023-08-14 13:14

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution.