Credit card skimming on the rise for the holiday shopping season | Malwarebytes

We've seen a particular card skimming campaign really pick up pace lately. With hundreds of stores compromised, you may come across it if you shop online this holiday season.

Malwarebytes

Some Magecart IOCs. This is the #Kritec skimmer (https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art)

#Magecart #iocs #threatintel

Magecart threat actor rolls out convincing modal forms

It's hard to put individuals at fault when the malicious copy is better than the original. This credit card skimmer was built to fool just about anyone.

Malwarebytes

Another week, another newsletter - catch up on the week's infosec news here:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

#Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

#FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

#LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on GitHub - I mean, why not let the skiddies get in on the action too, right?

The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

Have a great week ahead folks, I hope this newsletter proves helpful!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-240423-300423

#infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

SOC Goulash: Weekend Wrap-Up

Papercut exploited en masse by CL0P, LockBit ransomware, PoC exploit leaked publicly. 2 in 3 Apache Superset installs vulnerable to compromise, and much more!

Opalsec

Credit card data stolen: hackers infiltrate online shops and swap out payment forms

Fraudsters are increasingly hacking into popular online shops in order to steal visitors' credit card data using their own payment forms.

Tarnkappe.info