Security Alerts & News
by Tymoteusz A. Góral

#1597 Attackers hiding stolen credit card numbers in images
Researchers are encouraging developers who use Magento to remain vigilant about securely configuring their sites, as attackers have been embedding credit card swipers in sites running the open source e-commerce platform.

The swipers, or scrapers, are bits of malicious code that collect credit card numbers, login details and other information and forward it to attackers. While criminals have been targeting sites running the platform for months, they’ve only just recently started embedding that information in obscure image files.

In an even more confounding twist, in one recent instance an image that was hiding stolen credit card numbers was legitimate and publicly viewable, meaning an attacker wouldn’t even have to go to the trouble of accessing the site to get the information. They could simply view or download the image from the affected site.
Read more
#1601 5900 online stores found skimming [analysis]
#1600 VeraCrypt patches critical vulnerabilities uncovered in audit
#1599 DSL does 10Gbps over telephone lines
#1598 Why is Java so insecure? Buggy open source components take the blame
#1597 Attackers hiding stolen credit card numbers in images
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12