CYBER 101

  • Alerts
  • Blog
  • Cyber Briefing
  • CyberDecoded
  • CyberReview
  • CyberStory
  • CyberTips
  • Domains
  • FAQ
  • Incidents
  • Tutorials

Subscribe to our newsletter

FOLLOW US

No Result
View All Result
  • Login
  • Register
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
  • Jobs
  • Vendors
Get Help
  • Cyber Citizens
  • Cyber Professionals
  • Institutions
CyberMaterial
No Result
View All Result
  • Jobs
  • Vendors
Get Help
CyberMaterial
Home Alerts

New Magecart campaign said to target at least 44 e-commerce sites

Reading Time: 2 mins read
in Alerts

 

Researchers on Monday discovered a new Magecart campaign that has impacted at least 44 e-commerce sites.

In a blog post, Jscrambler researchers said the incident underscores how risky client-side security can be if the web supply chain is left unchecked. The researchers said in what appears as a new way to acquire victims cheaply and easily, attackers took over a defunct internet domain that previously hosted a JavaScript library decommissioned in December 2014.

The researchers said companies running the JavaScript failed to remove it from their website, likely because of a lack of visibility into third-party scripts and/or poor security policies.

This attack has been underway since Dec. 20, 2021, and uses a loader script that resembles Google Analytics, a common JavaScript included in many websites. Another version aims to resemble Google Tag Manager, the researchers said, done for deception only, as the real endpoint to contact is encrypted or encoded.

The new findings illustrate the threat actor’s continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.

Another key tool in its arsenal is RokRat, a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.

 

READ FULL ARTICLE

Tags: AlertsAlerts 2022December 2022EcommerceGoogle AnalyticsGoogle Tag ManagerJavascriptMagecart campaign
ADVERTISEMENT

Related Posts

GoAnywhere MFT Users Warned of Zero-Day Exploit

GoAnywhere MFT Users Warned of Zero-Day Exploit

February 6, 2023
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions

February 6, 2023
Massive Ransomware Campaign Targets VMware ESXi Servers

Massive Ransomware Campaign Targets VMware ESXi Servers

February 6, 2023
Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers

February 2, 2023

More Articles

Alerts

Adobe security advisory (AV23-014)

January 10, 2023
Alerts

Ransomware Alert: AvosLocker Hits Critical Infrastructure

March 21, 2022
Tool

Best Automation Testing Tools (Free and Paid) | Oct 2021 Update

March 30, 2022
Alerts

Johnson Controls security advisory

July 22, 2022
Book

The Modern Security Operations Center

March 15, 2022
Incidents

Cosmetics company Clarins hit by data security incident, ‘may involve’ Singapore customers’ personal information

January 11, 2022
Quotes

“The more people understand who you are…”

May 17, 2021
Incidents

Luxury hotel chain in Thailand reports data breach

October 29, 2021
Load More

Security through data

Cybersecurity Domains

  • API Security
  • Business Continuity
  • Career Development
  • Compliance
  • Cryptography
  • HSM
  • KPIs / KRIs
  • Penetration Testing
  • Shift Left
  • Vulnerability Scan

Emerging Technologies

  • 5G
  • Artificial Intelligence
  • Blockchain
  • Cryptocurrency
  • Deepfake
  • E-Commerce
  • Healthcare
  • IoT
  • Quantum Computing

Frameworks

  • CIS Controls
  • CCPA
  • GDPR
  • NIST
  • 23 NYCRR 500
  • HIPAA

Repository

  • Books
  • Certifications
  • Definitions
  • Documents
  • Entertainment
  • Quotes
  • Reports

Threats

  • APTs
  • DDoS
  • Insider Threat
  • Malware
  • Phishing
  • Ransomware
  • Social Engineering

© 2023 | CyberMaterial | All rights reserved.

World’s #1 Cybersecurity Repository

  • About
  • Legal and Privacy Policy
  • Site Map
No Result
View All Result
  • Audience
    • Cyber Citizens
    • Cyber Professionals
    • Institutions
  • Highlights
    • Blog
    • CyberDecoded
    • Cyber Review
    • CyberStory
    • CyberTips
  • Cyber Risks
    • Alerts
    • Attackers
    • Domains
    • Incidents
    • Threats
  • Opportunities
    • Events
    • Jobs
  • Repository
    • Books
    • Certifications
    • Cheat Sheets
    • Courses
    • Definitions
    • Frameworks
    • Games
    • Hardware Tools
    • Memes
    • Movies
    • Papers
    • Podcasts
    • Quotes
    • Reports
  • Report Cyber Incident
  • GET HELP

Subscribe to our newsletter

© 2022 Cybermaterial - Security Through Data .

Welcome Back!

Sign In with Google
Sign In with Linked In
OR

Forgotten Password? Sign Up

Create New Account!

Sign Up with Google
Sign Up with Linked In
OR

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.