Credit: Adobe Stock Images
According to The Hacker News, attacks have been introduced that exploit an already patched critical Magento vulnerability, known as CVE-2024-20720, in front of e-commerce to facilitate the distribution of a Stripe payment skimmer for monetary data leakage.
The Magento design analyzer and the default package “beberlei/assert” were exploited by malicious actors to allow the execution of the “sed” command in case of a “/checkout/cart” request, a command that facilitates the injection of a code. A backdoor that retrieves the skimmer, a Sansec report showed. Such discoveries come after Russian nationals suspected of belonging to a hacking organization were indicted through Russia’s Prosecutor General’s Office for their role in a card-hijacking attack.
“As a result, members of the hacker organization illegally seized the data of about 160,000 payment cards of foreign citizens and then resold them on ghost websites,” the Russian government claimed.
SC Staff April 10, 2024
The U. S. Environmental Protection Agency (EPA) The U. S. Department of Homeland Security revealed that information was leaked through the USDoD’s risk agent on BreachForums over the weekend to obtain information that had already been made public as part of the agency’s efforts to provide “a complete picture of environmental impacts. “Cyber news reports.
Group Health Cooperative of South Central Wisconsin saw the data of 533,809 people compromised as a result of a ransomware attack in late January, which ransomware operation BlackSuit had claimed, BleepingComputer reports.
The recordings were recovered from a cyberattack on a company that provides support services as part of a Breakdown of Justice court case.
By clicking the Subscribe button below, you agree to SC Media’s Terms and Conditions and Privacy Policy.