malware Tag

Masquerading as Card-Skimmers: Are Attackers Doing More with Magecart?

While Magecart is well known as a malware hacking groups use to inject card-skimming scripts into e-commerce platforms, Prevailion researchers have detected many compromises with Magecart that suggest the malicious actors are not actually going after credit card data.  According to public data breach records, the credit card information of organizations from British Airways to NutriBullet, Tupperware, easyJet and Macy’s has been targeted in different card-skimming campaigns.  In July 2019, attackers leveraged a vulnerability in the e-commerce software platform Magento, which left more than 960 online retailers compromised in a single...

Share Post

Human Fallibility: A Threat that Flows Through Your Entire Downline

Earlier this year Dark Reading published a six part series, “Cybersecurity and the Human Element: We’re All Fallible,” in which the authors examined common mistakes of end users as well as the potential repercussions of human error. All signs supported their claim that we are indeed all fallible. Human beings are vulnerable to exploitation, but security practitioners know this. Thus, it's not really human beings that are the problem. The greater threat is that when attackers are successful through this vector, malware can infiltrate the network and hide out completely...

Share Post
What’s Missing in Third-Party Risk Assessments

What’s Missing in Third-Party Risk Assessments

Assessments are important. You’d be hard pressed to find any cybersecurity professional who would argue they aren’t needed, but the problem with third-party risk assessments is that they are far from comprehensive. Understanding the hygiene and potential vulnerabilities of an organization is incredibly important. But it doesn’t reveal the full picture.  Point-in-time assessment of an organization is not enough because it doesn’t offer an exhaustive understanding of the risks. There are dynamic--and often undetected--problems specific to malware delivered by extremely sophisticated and versatile threat actors. These actors have the ability to...

Share Post