Sansec - experts in eCommerce security

フィード

記事のアイキャッチ画像
Criminals have rewired 3,500 online stores
Sansec - experts in eCommerce security
Criminals have secretly rewired 3,500 online stores to continuously harvest credit card numbers. The fraud can be traced back as far as May 12th 2015, so if you have bought something at one of thes...
9年前
記事のアイキャッチ画像
Visbot malware found on 6691 stores [analysis]
Sansec - experts in eCommerce security
Visbot is one of the oldest Magecart payment skimmers: it steals customer data and credit cards. The first case was documented as early as March 2015. But being publicly discussed did not stop it ...
8年前
記事のアイキャッチ画像
Self-healing malware restores itself after deletion
Sansec - experts in eCommerce security
Regular Javascript-based malware is normally injected in the static header or footer HTML definitions in the database. Cleaning these records used to be sufficient to get rid of the malware. But n...
8年前
記事のアイキャッチ画像
An OpenCart/Magento hacking dashboard
Sansec - experts in eCommerce security
This post shows how sophisticated Magento hacking operations have become nowadays.While investigating a bruteforced Magento store, we noticed that the hacker logged in using a curious referrer sit...
8年前
記事のアイキャッチ画像
A Magento breach analysis: part 1
Sansec - experts in eCommerce security
Part of a series where Magento security professionals share their case notes, so that we can ultimately distill a set of best practices, tools and workflow.Part of the job of running the MageRepo...
8年前
記事のアイキャッチ画像
Warning: fake Magento patch 9789 contains virus
Sansec - experts in eCommerce security
Update May 21st: a similar phishing mail circulates about a fake patch SUPEE-1798.Update Apr 22nd: added reference to Neutrino Bot and POS systemsThis week a mail was sent out to announce the ne...
8年前
記事のアイキャッチ画像
Why ordering HTTP headers is important
Sansec - experts in eCommerce security
If you code against Akamai hosted sites, you could be rejected because your HTTP library sends request headers in the wrong order. In fact, most libraries use undefined order, as the IETF specifica...
8年前
記事のアイキャッチ画像
Cryptojacking found on 2496 online stores
Sansec - experts in eCommerce security
Does your laptop get hot when visiting your favorite shop? You computer is likely mining cryptocurrencies to the benefit of a cyberthief.Cryptojacking - running crypto mining software in the brow...
7年前
記事のアイキャッチ画像
Hackers breached Magento through helpdesk
Sansec - experts in eCommerce security
Magento merchants have recently received messages like this:Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! -- [email protected] closer exa...
7年前
記事のアイキャッチ画像
MagentoCore group hacks 7,339 stores and counting
Sansec - experts in eCommerce security
A single group is responsible for planting skimmers on 7339 individual stores in the last 6 months. The MagentoCore skimmer is now the most successful to date.Update 2018-09-07: Because Google Chr...
6年前
記事のアイキャッチ画像
Is your Google Analytics code malicious?
Sansec - experts in eCommerce security
Would you - a webdeveloper - get alarmed if you found the following code on your website? Probably not, as Google Analytics is embedded in pretty much every website these days:<script type=&quo...
6年前
記事のアイキャッチ画像
ABS-CBN next in series of high profile breaches
Sansec - experts in eCommerce security
While Filipinos are recovering from typhoon Mangkhut, another misfortune awaits them online. We found their broadcasting giant ABS-CBN − a $740 million conglomerate & top-500 global Internet de...
6年前
記事のアイキャッチ画像
MageCart: now with tripwire
Sansec - experts in eCommerce security
Back in 2016, Magecart skimmers would evade detection by sleeping if any developer tools were found running. Then, their malware would 404 without correct Referer or User-Agent header. And now, Ma...
6年前
記事のアイキャッチ画像
German political party store hacked before election
Sansec - experts in eCommerce security
The store of German political party CSU (www.csu-shop.de) contains an identity skimmer that was planted on or before Oct 5th, right before the Bavarian election on Oct 14th. Personal identifyable ...
6年前
記事のアイキャッチ画像
Unpublished security flaws (0days) massively exploited
Sansec - experts in eCommerce security
Online credit card theft has been all over the news: criminals inject hidden card stealers on legitimate checkout pages. But how are they are able to inject anything in the first place? As it turn...
6年前
記事のアイキャッチ画像
Backdoor found in Webgility
Sansec - experts in eCommerce security
Update Nov 23rd: Webgility has released a patch and a public statement, urging all customers to upgrade to version 345.Update Nov 30th: Webgility has discovered another security issue and urges a...
6年前
記事のアイキャッチ画像
Merchants struggle with MageCart reinfections
Sansec - experts in eCommerce security
1 in 5 compromised merchants get reinfected, average skimming operation lasts 13 daysMageCart, the notorious actors behind massive online card skimming, has been busy. And so have we: our crawlers...
6年前
記事のアイキャッチ画像
Competing digital skimmers sabotage each other
Sansec - experts in eCommerce security
Skimmers found to subtly sabotage each others fraud operationsCompetition is grim in the online skimming business (aka "MageCart"). The aggressive MagentoCore skimmer was previously obs...
6年前
記事のアイキャッチ画像
PHP tool 'Adminer' leaks passwords
Sansec - experts in eCommerce security
Update 2019-01-20: the root cause is a protocol flaw in MySQL.Adminer is a popular PHP tool to administer MySQL and PostgreSQL databases. However, it can be lured to disclose arbitrary files. Atta...
6年前
記事のアイキャッチ画像
Large sites hacked via Adminer database tool
Sansec - experts in eCommerce security
This week I discovered that large ecommerce and government sites got hacked via the Adminer database tool. As it turns out, the root cause is a protocol flaw in MySQL. Curiously, it is described in...
6年前
記事のアイキャッチ画像
Bad extensions now main source of Magento hacks: a solution!
Sansec - experts in eCommerce security
In October last year I discovered several Magento extension 0days. As it turns out, this was only the tip of the iceberg: today, insecure 3rd party extensions are used to hack into thousands of sto...
6年前
記事のアイキャッチ画像
Credit cards of Atlanta Hawks fans stolen
Sansec - experts in eCommerce security
MageCart attacks on online stores surged last year, culminating in the hack of British Airways and Ticketmaster. This year the trend continues with another high-profile target. The Atlanta Hawks sh...
6年前
記事のアイキャッチ画像
57 payment gateways from Germany to Brazil targeted
Sansec - experts in eCommerce security
Sansec discovered a polymorphic skimmer that works with 57 different payment gateways. It has global reach, affecting payment systems from Germany to Brazil. It is by far the most advanced skimmer ...
6年前
記事のアイキャッチ画像
Sports brand Puma infected with advanced malware
Sansec - experts in eCommerce security
After the NBA Hawks got skimmed last week, this time Puma's Australian customers are cannon fodder for Magecart thieves. Anyone who ordered a pair of sneakers online, had their name, address and cr...
6年前
記事のアイキャッチ画像
Critical Magento 2 flaw exploited within 16 hours
Sansec - experts in eCommerce security
The number of hacked Magento 2 stores spiked in the last four weeks, after a critical security flaw was discovered in March and criminals stole admin passwords within 16 hours. Merchants are advise...
6年前
記事のアイキャッチ画像
PCI-SSC/RHISAC quote Sansec: 20% stores reinfected
Sansec - experts in eCommerce security
The PCI Security Standards Council and the Retail & Hospitality ISAC alert merchants to the threat of digital skimming. In its report, it quotes Sansec research, which has found that about 20% ...
5年前
記事のアイキャッチ画像
Sansec at Europol training: 50,000+ stores hacked
Sansec - experts in eCommerce security
Cementing itself as a global force in the protection against eCommerce fraud, Sansec has been invited to speak at the fifth edition of Europol’s Training Course on Payment Card Fraud Forensic Inves...
5年前
記事のアイキャッチ画像
FBI recommends eCommerce malware protection
Sansec - experts in eCommerce security
The FBI warns small and medium-sized businesses and government agencies against the threat of e-skimming. E-skimming occurs when cyber criminals inject malicious code onto a website.Read the origi...
5年前
記事のアイキャッチ画像
Magento security extentions vendor got hacked
Sansec - experts in eCommerce security
The store of a US Magento extension vendor was found compromised. Attackers had write access to the server selling extensions. We are awaiting a statement on the integrity of downloaded software.O...
5年前
記事のアイキャッチ画像
American Cancer Society hit by payment skimmer
Sansec - experts in eCommerce security
Digital skimming groups (aka Magecart) hit another low, as they successfully targeted the American Cancer Society last night. Our skimmer detectors found a piece of malicious code embedded on the C...
5年前
記事のアイキャッチ画像
Payment skimmers have impersonated Sansec
Sansec - experts in eCommerce security
Payment skimmers are hiding their malpractice by impersonating our Sansec anti-skimming service. They have registered malicious domains sansec.us and sanguinelab.net, even using a fake address in A...
5年前
記事のアイキャッチ画像
Indonesian Magecart hackers arrested
Sansec - experts in eCommerce security
The Indonesian police announced on Friday that they have arrested three alleged Magecart hackers on December 20th. The suspects are from Jakarta and Yogyakarta and are 23, 26 and 35 years old. Afte...
5年前
記事のアイキャッチ画像
Maxcluster and Sansec partner to secure German stores
Sansec - experts in eCommerce security
Utrecht, February 20; Sansec is proud to announce that it hasformed a long-term strategic partnership with maxcluster to bring itsindustry-leading anti-malware technology to the German e-commerce...
5年前
記事のアイキャッチ画像
Sansec reveals longest Magecart skimming operation to date [Analysis]
Sansec - experts in eCommerce security
Sansec, a global leader in eCommerce security, reveals that hackers successfully infiltrated an online printing platform for more than two and a half years. Our research shows that crooks ran keylo...
5年前
記事のアイキャッチ画像
Magento 1 still PCI compliant after 1 July 2020?
Sansec - experts in eCommerce security
Magento 1 will no longer receive official updates & security fixes per July 1st, 2020 (the end-of-life, or EOL date). Merchants are urged to upgrade to Magento 2, but for many stores this deadl...
5年前
記事のアイキャッチ画像
Do these two things to keep your Magento 1 store running after June
Sansec - experts in eCommerce security
Over a 100 thousands Magento 1 stores will be running after Adobe terminates support in June (end-of-life). Many merchants need more time to transition to Magento 2 or another platform. No need to ...
5年前
記事のアイキャッチ画像
Lockdown: Stores closed, online stores hacked
Sansec - experts in eCommerce security
While an international retail chain closed its physical stores, attackers hacked its online presence, Sansec research shows. Following common Magecart malpractice, payment skimmers were injected an...
5年前
記事のアイキャッチ画像
Digital skimmer runs entirely on Google, defeats CSP
Sansec - experts in eCommerce security
A newly discovered skimming campaign runs entirely on Google servers, Sansec research shows. The novel malware sends stolen credit cards directly to Google Analytics, evading security controls like...
4年前
記事のアイキャッチ画像
North Korean hackers are skimming US and European shoppers
Sansec - experts in eCommerce security
Previously, North Korean hacking activity was mostly restricted to banks and South Korean crypto markets^cryptohack, covert cyber operations that earned hackers $2 billion, according to a 2019 Unit...
4年前
記事のアイキャッチ画像
Cardbleed: 3% of Magento install base hacked
Sansec - experts in eCommerce security
Update Sept 18: Cardbleed has infected 2806 Magento1 stores so far (3% of total install base)Over the weekend, almost two thousand Magento 1 stores across the world have been hacked in the largest...
4年前
記事のアイキャッチ画像
Payment skimmer hides in social media buttons
Sansec - experts in eCommerce security
Researchers at Sansec have uncovered a novel technique to inject payment skimmers onto checkout pages. This new malware has two parts: a concealed payload and a decoder, of which the latter reads t...
4年前
記事のアイキャッチ画像
Hackers exploit security flaw right before Black Friday
Sansec - experts in eCommerce security
The affected stores were all running the older Magento 2.2, which is unsupported since December 2019.In addition to the injected flaw, attackers used a hybrid skimming architecture, with front and...
4年前
記事のアイキャッチ画像
eCommerce trojan accidentally leaks victims
Sansec - experts in eCommerce security
Sansec discovered a clever remote access trojan (RAT) that has been hiding in the alleys of hacked eCommerce servers. Despite the advanced setup, perpetrators mistakenly left a list of victim store...
4年前
記事のアイキャッチ画像
Fake payment page before checkout on Shopify and BigCommerce
Sansec - experts in eCommerce security
Once the data is intercepted and exfiltrated, the attackers display an error message and the customer is redirected to the real payment page. Customers probably just enter their details again and i...
4年前
記事のアイキャッチ画像
Google Apps Script used to steal data
Sansec - experts in eCommerce security
The Google business application platform Apps Script is used to funnel stolen personal data, Sansec learned. Attackers use the reputation of the trusted Google domain script.google.com to evade mal...
4年前
記事のアイキャッチ画像
Case Study: How eCommerce Hackers Silently Steal Credit Card Data
Sansec - experts in eCommerce security
This is what happened to one of our clients. Due to his attentiveness - and a bit of luck! - this merchant noticed some abnormalities in his store’s code. He wasn’t using our malware scanning techn...
4年前
記事のアイキャッチ画像
New linux_avp malware hits eCommerce sites
Sansec - experts in eCommerce security
A merchant recently reached out to us, after hiring two forensic companies but still having malware on his store. As we appreciate a challenge, our team got started and quickly discovered an intric...
3年前
記事のアイキャッチ画像
CronRAT malware hides behind February 31st
Sansec - experts in eCommerce security
At this time of year we typically see a surge in eCommerce attacks and new malware. Last week we analyzed a clever malware attacking online stores, and today we expose another, much more sophistica...
3年前
記事のアイキャッチ画像
NginRAT parasite targets Nginx
Sansec - experts in eCommerce security
Last week we exposed the CronRAT eCommerce malware, which is controlled by a Chinese server. Out of curiosity, we wrote a "custom" RAT client and waited for commands from the far east. Ev...
3年前
記事のアイキャッチ画像
Magento and the Log4j vulnerability
Sansec - experts in eCommerce security
Updated Dec 20th. This article describes how Magento is affected by the critical log4j vulnerability, and what you can (and should) do to prevent a hack.A critical vulnerability in the popular Log...
3年前
記事のアイキャッチ画像
NaturalFreshMall: a Magento Mass Hack
Sansec - experts in eCommerce security
More than 350 ecommerce stores infected with malware in a single day.Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the ...
3年前
記事のアイキャッチ画像
Magento 2 critical vulnerability (CVE-2022-24086 & CVE-2022-24087)
Sansec - experts in eCommerce security
Update Feb 21st, 2022: Sansec has observed the first actual attacks in the wild. Patch now! Unfortunately, this validates our previous prediction that abuse would start within days. Attacks are com...
3年前
記事のアイキャッチ画像
Magento vendor Fishpig hacked, backdoors added
Sansec - experts in eCommerce security
Update 2022-09-13 FishPig has confirmed the incident and published a status page. It recommends customers to upgrade and/or reinstall all FishPig modules.Sansec discovered malware in the Fishpig ...
2年前
記事のアイキャッチ画像
Surge in Magento 2 template attacks
Sansec - experts in eCommerce security
Currently, Sansec eComscan is the only malware scanner that detects the injected remote access trojan (see Virustotal).223sam.jpg attackAll of the observed attacks have been interactive, possibly...
2年前
記事のアイキャッチ画像
Extortion of Magento merchants
Sansec - experts in eCommerce security
Related: many stores are occassionally contacted by "security researchers" who claim to have found a vulnerability and want a "bounty" to disclose it. In 99% of these cases, the...
2年前
記事のアイキャッチ画像
Adobe Commerce merchants to be hit with TrojanOrders this season
Sansec - experts in eCommerce security
After a quiet summer, the number of attacks targeting the mail template vulnerability in Magento 2 and Adobe Commerce is rising fast. Merchants and developers should be on the lookout for TrojanOrd...
2年前
記事のアイキャッチ画像
Fake Klaviyo accounts added to Magento
Sansec - experts in eCommerce security
Magento 2 template hacks have been raging since a month or two, and Sansec is closely tracking any new attack payloads. So far, we observed about 20 different payloads which all added a basic PHP b...
2年前
記事のアイキャッチ画像
Vendors defeat Magento security patch (+ simple check)
Sansec - experts in eCommerce security
BackgroundAdobe’s fix to CVE-2022-24086 was to remove “smart” mail templates. Many vendors were caught off guard and had to revert to the original functionality. In doing so, they unknowingly expo...
2年前
記事のアイキャッチ画像
Sansec analysis: 12% of online stores leak private backups
Sansec - experts in eCommerce security
It is a common practice to make ad-hoc backups during store platform maintenance. The problem, however, is that these backups often end up in a public folder. Perhaps the administrator intended to ...
2年前
記事のアイキャッチ画像
Postponed Exfiltration Evades Detection
Sansec - experts in eCommerce security
The domain gtag-analytics.com has recently emerged as a threat, employing various cunning techniques to evade detection and targeting unsuspecting users, but what makes it especially deceptive is i...
2年前
記事のアイキャッチ画像
Malware Persistence via Telegram and GitHub
Sansec - experts in eCommerce security
Attackers are devising ingenious methods to prolong their skimming activities, aiming for sustained persistence.The usual tactics, techniques, and procedures (TTP) include the creation of disposab...
1年前
記事のアイキャッチ画像
Is your store’s newsletter being used for phishing?
Sansec - experts in eCommerce security
Cybercriminals in eCommerce are diversifying their targets, now aiming at entire customer databases instead of just stealing credit cards. A recent incident revealed this trend: a hacked Magento ad...
1年前
記事のアイキャッチ画像
Magento wish list exploit bypasses WAF protection
Sansec - experts in eCommerce security
In recent weeks, Sansec observed a spike in hacked Magento 2 stores. Our investigations led to a (likely) single attacker, who used a combination of clever techniques to bypass WAFs and competing t...
1年前
記事のアイキャッチ画像
Sansec and Europol counter online skimming
Sansec - experts in eCommerce security
In a strategic alliance, Europol, the European Union Agency for Cybersecurity (ENISA), law enforcement from 17 nations, and key private sector entities such as Sansec, have aligned to counteract th...
1年前
記事のアイキャッチ画像
Sansec joins forces with Google's VirusTotal
Sansec - experts in eCommerce security
In January we announced our partnership with Europol and today, we are proud to be recognized by Google as experts in eCommerce security.Sansec and Google have agreed on a data exchange and we tru...
9ヶ月前
記事のアイキャッチ画像
Persistent Magento backdoor hidden in XML
Sansec - experts in eCommerce security
The following XML code was found in the layout_update database table and is responsible for periodic reinfections of your system.Attackers combine the Magento layout parser with the beberlei/asse...
9ヶ月前
記事のアイキャッチ画像
CosmicSting attack threatens 75% of Adobe Commerce stores
Sansec - experts in eCommerce security
Update June 27th: Adobe has now provided an official, isolated fix that can be applied to installations without requiring upgrade.Update June 27th: our partner Hypernode as actually observed the ...
6ヶ月前
記事のアイキャッチ画像
Polyfill supply chain attack hits 100K+ sites
Sansec - experts in eCommerce security
Update June 28th: We are flagging more domains that have been used by the same actor to spread malware since at least June 2023: bootcdn.net, bootcss.com, staticfile.net, staticfile.org, unionad...
6ヶ月前
記事のアイキャッチ画像
CosmicSting attacks have started hitting major stores
Sansec - experts in eCommerce security
API AbuseAs CosmicSting enables attackers to read any file, attackers can steal Magento's secret encryption key. This encryption key can generate JSON Web Tokens with full administrative API acces...
5ヶ月前
記事のアイキャッチ画像
Persistent backdoors injected on Adobe Commerce via new CosmicSting attack
Sansec - experts in eCommerce security
CosmicSting (CVE-2024-34102) allows arbitrary file reading on unpatched systems. When combined with CNEXT (CVE-2024-2961), threat actors can escalate to remote code execution, taking over the entir...
4ヶ月前
記事のアイキャッチ画像
CosmicSting attack & defense overview
Sansec - experts in eCommerce security
ImplicationsCosmicSting targets a critical bug in the Adobe Commerce and Magento platforms. Bad actors use it to read any of your files, such as passwords and other secrets. The typical attack str...
3ヶ月前
記事のアイキャッチ画像
Thousands of Adobe Commerce stores hacked in competing CosmicSting campaigns
Sansec - experts in eCommerce security
Sansec research shows that seven different groups have been hacking into 4275 online stores since the publication of CVE-2024-34102 (also known as CosmicSting) on June 11th. Despite ongoing warning...
3ヶ月前