Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@nieldk" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nieldk</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jerry</span></a></span> TBH, I'm not that concerned about this re: <span class="h-card" translate="no"><a href="https://mastodon.archive.org/@internetarchive" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>internetarchive</span></a></span> ...</p><ul><li>I just think that attacking the <a href="https://infosec.space/tags/InternetArchive" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InternetArchive</span></a> is an asshole move that is unjustifyable at best and a waste of resources at worst.</li></ul><p>Like aside from some hashed passwords there is nothing for the taking! This ain't like some <a href="https://infosec.space/tags/MageCart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MageCart</span></a>-style <a href="https://infosec.space/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> where they siphon off payment details.</p><ul><li><em>"EVERYONE HATES THAT"</em> is the reaction re: <a href="https://infosec.space/tags/InternetArchiveHack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InternetArchiveHack</span></a> because there's neither <a href="https://infosec.space/tags/profit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>profit</span></a> nor <a href="https://infosec.space/tags/fame" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fame</span></a> in it, so mostl likely a case of <em>"weapons-grade boredom"</em>...</li></ul>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
270active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#magecart
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://autistics.life/@ashleyspencer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ashleyspencer</span></a></span> <span class="h-card" translate="no"><a href="https://flipping.rocks/@sunguramy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sunguramy</span></a></span> and they don't have like an <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> to just <a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>curl</span></a> said image files with?</p><p>I mean that certainly prevents most <a href="https://infosec.space/tags/MageCart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MageCart</span></a>-Style <a href="https://infosec.space/tags/Carding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Carding</span></a> attacks that plague <a href="https://infosec.space/tags/WooCommerce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WooCommerce</span></a> & <a href="https://infosec.space/tags/Magento" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magento</span></a>-based <a href="https://infosec.space/tags/Webshop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Webshop</span></a> systems...</p>
The Hacker News<p>Referenced link: <a href="https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2023/04/atte</span><span class="invisible">ntion-online-shoppers-dont-be.html</span></a><br>Discuss on <a href="https://discu.eu/q/https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">discu.eu/q/https://thehackerne</span><span class="invisible">ws.com/2023/04/attention-online-shoppers-dont-be.html</span></a></p><p>Originally posted by The Hacker News / @TheHackersNews: <a href="http://nitter.platypush.tech/TheHackersNews/status/1651879228760117251#m" rel="nofollow noopener" target="_blank"><span class="invisible">http://</span><span class="ellipsis">nitter.platypush.tech/TheHacke</span><span class="invisible">rsNews/status/1651879228760117251#m</span></a></p><p>ALERT: A new <a href="https://social.platypush.tech/tags/Magecart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magecart</span></a> campaign is using fake payment screens that are hard to detect and look more authentic than the original pages, in order to capture sensitive data from unsuspecting users.</p><p>Read details: <a href="https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2023/04/atte</span><span class="invisible">ntion-online-shoppers-dont-be.html</span></a></p><p><a href="https://social.platypush.tech/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.platypush.tech/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p>
Jérôme Segura<p>I recently came across an interesting <a href="https://infosec.exchange/tags/Magecart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Magecart</span></a> skimmer where the threat actor seemed to be a crypto fanboy.</p><p>It's actually using the mr.SNIFFA toolkit and the domains are hosted with Russian-based DDos-Guard.</p><p>Thanks to the folks at SilentPush and their service for a deeper look in the infrastructure. Also, to <span class="h-card"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>briankrebs</span></a></span> for the name check on the briansclub site selling stolen credit cards.</p><p>You can read more about it in this blog post:<br><a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malwarebytes.com/blog/threat-i</span><span class="invisible">ntelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload