Welcome to the Reflectiz team's news picks from November and December 2019. These months were particularly busy for us. Our team participated in 2 important conferences, InfoSecurity North America and e-Crime & Cybersecurity Benelux, presenting the next generation of web third-party risk mitigation solutions to CISOs and cyber-security teams. Busy as we were, our staff still gathered the best news pieces about third-party risks, Magecart attacks and other must-read cybersecurity updates. Read on!
“A decade of hacking: The most notable cyber-security events of the 2010s”
At the beginning of the 2010s the Stuxnet worm hit the Iranian nuclear weapon program and started one of the most exciting decades of cyber-security. The ZDNet article provides an interesting overview of the past and, between the lines, an important glimpse of what we can expect. From our standpoint, two events stand out. The first one is a side event: the rise (and fall) of crypto-jacking, which involved a JavaScript file used to mine cryptocurrency.
The second one is the fact that the Magecart cybercrime group went mainstream. This is surely one of the most important wake-up calls that every security team member must take into account from now on.
Read the original article by Catalin Cimpanu, ZDNet: A decade of hacking: The most notable cyber-security events of the 2010s
“7 Alarming Signs That Magecart Attacks Are Here to Stay”
In case you wonder whether Magecart is just a temporary hacking trend, the answer is once again: no! HackerNoon is joining a long list of well-established cyber-security magazines and professionals saying that Magecart has turned into a real concern for organizations everywhere. HackerNoon's Syed Hassan has published a brilliant piece naming 7 really alarming signs that Magecart is a lasting, serious threat. As Hassan writes, “The worst part about these attacks is that both the customer and e-commerce business are unaware of it.” This is of course another red flag, going way beyond traditional Magecart targets or e-commerce websites, and it definitely becomes relevant for every organization that uses JavaScript code on its website, especially those that deal with any kind of sensitive information. “Its ability to work in the background without getting spotted makes them even more lethal” is probably the most alarming conclusion of this article. We cannot allow ourselves to forget that this very disturbing conclusion also holds for any other exploitation of installed third-party code and its ecosystem in a targeted website, such as remote domains or, from a privacy perspective, cases where site vendors are tracking user data.
Read the original article by Syed Hassan, HackerNoon: 7 Alarming Signs That Magecart Attacks Are Here to Stay
“Macy’s Customer Payment Info Stolen in Magecart Data Breach”
In mid-November 2019 Macy’s officials released the following statement: “On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two (2) pages on macys.com.”
According to the announcement, the data breach involved malicious scripts that stole customers’ payment information. Unsurprisingly, the breach was identified as another Magecart attack and, as in previous attacks, it was discovered only after a few days. This incident adds Macy’s to a long list of high-profile companies, such as British Airways, Newegg, Ticketmaster and Forbes, that were hit by the Magecart cybercrime group.
Read the original article by Lawrence Abrams, BleepingComputer: Macy’s Customer Payment Info Stolen in Magecart Data Breach