12 sept 2018 año - Intrusion of credit card -stealing code that pwned British Airways, Ticketmaster
Descripción:
https://www.theregister.co.uk/2018/09/12/feedify_magecart_javascript_library_hacked/
https://www.bleepingcomputer.com/news/security/newegg-credit-card-info-stolen-for-a-month-by-injected-magecart-script/
Security Insider threat
Card-stealing code that pwned British Airways, Ticketmaster pops up on more sites via hacked JS
Feedify's whack-a-mole with MageCart malware miscreants
By Shaun Nichols in San Francisco 12 Sep 2018 at 20:34
65 Reg comments SHARE ▼
People playing whack-a-mole game
A Javascript library hosted by Feedify and used by e-commerce websites globally has been repeatedly infected this week to potentially siphon off countless victims' bank card details to crooks.
The library code is typically embedded into retail webpages by site administrators and developers to add a means for shoppers to leave customer feedback. That code – feedbackembad-min-1.0.js – is served from Feedify's web servers, and has been repeatedly tampered with by hackers to include the MageCart malware. This malicious software seeks out credit card details entered on the compromised webpages, and phones them home to an outside server controlled by fraudsters.
Thus, if someone visits a website that includes Feedify's vandalized code, their browser will pull in the MageCart malware from Feedify's servers as well as the feedback form, and this will then snoop on and siphon off any sensitive information, such as payment card data, typed in and submitted.
Therefore, any number of netizens using one of the e-commerce and hotel websites relying on Feedify's code were potentially at risk of having their information swiped and used by fraudsters to go on spending sprees with their banking accounts. Feedify claims 4,000-plus websites use its code; a quick search showed at least a few hundred using this particular feedback library.
Añadido al timeline:
Timeline of Cyber Security Incidents
Prepared by https://cybersecurity.wtf/
fecha:
