JavaScript
What are script-based attacks and what can be done to prevent them?
Attackers always seek out new ways to evade detection. As most endpoint security products handle file-based attacks relatively well, scripts are an excellent way for attackers …
Most global brands fail to implement security controls to prevent data leakage and theft
The global pandemic has seen the web take center stage. Banking, retail and other industries have seen large spikes in web traffic, and this trend is expected to become …
Magecart Group 8 skimmed card info from 570+ online shops
Your payment card information got stolen but you don’t know how, when and where? Maybe you shopped on one of the 570 webshops compromised by the Keeper Magecart group …
Macy’s online store compromised in Magecart-style attack
The webshop of noted U.S. department store company Macy’s has been compromised and equipped with an information-stealing JavaScript, which ended up collecting …
VisibleV8: Stealthy open source tool for monitoring JavaScript in the wild
An open source tool that allows users to track and record the behavior of JavaScript programs without alerting the websites that run those programs has been developed at North …
Cybercriminals plan to make L7 routers serve card stealing code
One of the Magecart cybercriminal groups is testing a new method for grabbing users’ credit card info: malicious skimming code that can be loaded into files used by L7 …
Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been …
Attackers are exploiting WordPress plugin flaw to inject malicious scripts
Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject a malicious JavaScript in vulnerable sites, Zscaler warns. The company …
Compromised ad company serves Magecart skimming code to hundreds of websites
Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to …
Magecart compromises Feedify to get to hundreds of e-commerce sites
Customer engagement service Feedify has been hit by Magecart attackers, who repeatedly modified a script that it serves to a few hundred websites to include payment card …
Zip Slip vulnerability affects thousands of projects
An arbitrary file overwrite vulnerability that can be exploited by attackers to achieve code execution on a target system affects a myriad of projects and multiple ecosystems, …
Thousands of government, orgs’ websites found serving crypto mining script
On Sunday, over 4,200 websites around the world started hijacking visitors’ browsers to mine the Monero crypto currency. The problem was first noticed and …