
Fintech industry developments, differences between Europe and the US

“Put your money in the bank and you can watch it grow.” If there is a statement that shows us how much the financial world has changed it’s this one. With the introduction of negative interest, companies and consumers with a large amount of liquid assets are looking for a different way to handle those assets. This is where the innovative fintech industry comes into play. What is … [Read more...]

Credit card skimmer targets ASP.NET sites

Cybercriminals typically focus on targets that can get them the highest return with the least amount of effort. This is often determined by their ability to scale attacks, and therefore on how prevalent a vulnerability or target system is. Enter: the credit card skimmer. In the world of digital skimming, we’ve seen the most activity on e-commerce content management systems (CMSes), such … [Read more...]

Important tips for safe online shopping post COVID-19

As more and more countries order their citizens inside in response to COVID-19, online shopping—already a widespread practice—has surged in popularity, especially for practical items like hand sanitizer, groceries, and cleaning products. When people don’t feel safe outside, it’s only natural they’d prefer to shop as much as possible from the safety of their own homes. Unfortunately, you can … [Read more...]

Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server

Threat actors love to abuse legitimate brands and infrastructure—this, we know. Last year we exposed how web skimmers had found their way onto Amazon’s Cloudfront content delivery network (CDN) via insecure S3 buckets. Now, we discovered scammers pretending to be CDNs while exfiltrating data and hiding their tracks—another reason to keep a watchful eye on third-party content. Sometimes, … [Read more...]

Fintech security: the challenges and fails of a new era

“I have no idea how this app from my bank works, and I don’t trust what I don’t understand.” Josh is not an old curmudgeon or luddite. He’s 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It’s not that he doesn’t trust his bank. He doesn’t trust himself to use and manage the banking app … [Read more...]

6 ways hackers are targeting retail businesses

Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019, and they’ve lost over $30 billion to cybersecurity attacks. Both brick-and-mortar and online businesses experience retail hacking. Cybercriminals must often work harder to access online stores because these … [Read more...]

New evasion techniques found in web skimmers

For a number of years, criminals have been able to steal credit card details from unaware online shoppers without attracting too much attention. Few people in the security industry were talking about these credit card web skimmers, both server-side and client-side, before the latter became largely known as Magecart. It took some major incidents, notably the Ticketmaster and British Airways … [Read more...]

There’s an app for that: web skimmers found on PaaS Heroku

Criminals love to abuse legitimate services—especially platform-as-a-service (PaaS) cloud providers—as they are a popular and reliable hosting commodity used to support both business and consumer ventures. Case in point, in April 2019 we documented a web skimmer served on code repository GitHub. Later on in June, we observed a vast campaign where skimming code was injected into Amazon S3 … [Read more...]

Web skimmer phishes credit card data via rogue payment service platform

Heading into the holiday shopping season, we have been tracking increased activity from a threat group registering domains for skimming and phishing campaigns. While most of the campaigns implemented a web skimmer in the typical fashion—grabbing and exfiltrating data from a merchant’s checkout page to an attacker-controlled server—a new attack scheme has emerged that tricks users into … [Read more...]

No summer break for Magecart as web skimming intensifies

This summer, you are more likely to find the cybercriminal groups Magecart client-side rather than poolside. Web skimming, which consists of stealing payment information directly from within the browser, is one of today’s top web threats. Magecart, the group behind many of these attacks, gained worldwide attention with the British Airways and TicketMaster breaches, costing the former … [Read more...]