Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

Veracode's Chris Eng discusses the cyber threats facing shoppers who are ... Holiday Shopping Craze, COVID-19 Spur Retail Security Storm.

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

Experts Weigh in on E-Commerce Security Amid Snowballing Threats. How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike. ... But experts are warning retailers not to focus only on one threat or on protecting one particular system.

Critical Magento Holes Open Online Shops to Code Execution

Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack. The Magecart spinoff group targeted the wireless service provider in an odd choice of victim. Boom! Mobile's U.S. website recently fell victim to an e-commerce attack, putting online shoppers in danger of payment-card theft, researchers said.

Magecart Attack Impacts More Than 10K Online Shoppers

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.

Magecart Credit-Card Skimmer Adds Telegram as C2 Channel

In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.

Magecart’s Success Paves Way For Cybercriminal Credit Card 'Sniffer' Market

Magecart's successes have led to threat actors actively advertising 'sniffers' that can be injected into e-commerce websites in order to exfiltrate payment cards. The Magecart threat group has dominated headlines for its use of malicious JavaScript code, which is injected into e-commerce websites to exfiltrate customer payment card data. But new research points to a growing industry on underground forums where so-called “sniffers” are being advertised, sold and regularly updated.

Critical Magento Flaws Allow Code Execution

Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform.