shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

257
active users

#magecart

0 posts0 participants0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@nieldk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nieldk</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jerry</span></a></span> TBH, I'm not that concerned about this re: <span class="h-card" translate="no"><a href="https://mastodon.archive.org/@internetarchive" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>internetarchive</span></a></span> ...</p><ul><li>I just think that attacking the <a href="https://infosec.space/tags/InternetArchive" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetArchive</span></a> is an asshole move that is unjustifyable at best and a waste of resources at worst.</li></ul><p>Like aside from some hashed passwords there is nothing for the taking! This ain't like some <a href="https://infosec.space/tags/MageCart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MageCart</span></a>-style <a href="https://infosec.space/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> where they siphon off payment details.</p><ul><li><em>"EVERYONE HATES THAT"</em> is the reaction re: <a href="https://infosec.space/tags/InternetArchiveHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetArchiveHack</span></a> because there's neither <a href="https://infosec.space/tags/profit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>profit</span></a> nor <a href="https://infosec.space/tags/fame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fame</span></a> in it, so mostl likely a case of <em>"weapons-grade boredom"</em>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://autistics.life/@ashleyspencer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ashleyspencer</span></a></span> <span class="h-card" translate="no"><a href="https://flipping.rocks/@sunguramy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>sunguramy</span></a></span> and they don't have like an <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> to just <a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>curl</span></a> said image files with?</p><p>I mean that certainly prevents most <a href="https://infosec.space/tags/MageCart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MageCart</span></a>-Style <a href="https://infosec.space/tags/Carding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Carding</span></a> attacks that plague <a href="https://infosec.space/tags/WooCommerce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WooCommerce</span></a> &amp; <a href="https://infosec.space/tags/Magento" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Magento</span></a>-based <a href="https://infosec.space/tags/Webshop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Webshop</span></a> systems...</p>
The Hacker News<p>Referenced link: <a href="https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2023/04/atte</span><span class="invisible">ntion-online-shoppers-dont-be.html</span></a><br>Discuss on <a href="https://discu.eu/q/https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">discu.eu/q/https://thehackerne</span><span class="invisible">ws.com/2023/04/attention-online-shoppers-dont-be.html</span></a></p><p>Originally posted by The Hacker News / @TheHackersNews: <a href="http://nitter.platypush.tech/TheHackersNews/status/1651879228760117251#m" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">http://</span><span class="ellipsis">nitter.platypush.tech/TheHacke</span><span class="invisible">rsNews/status/1651879228760117251#m</span></a></p><p>ALERT: A new <a href="https://social.platypush.tech/tags/Magecart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Magecart</span></a> campaign is using fake payment screens that are hard to detect and look more authentic than the original pages, in order to capture sensitive data from unsuspecting users.</p><p>Read details: <a href="https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2023/04/atte</span><span class="invisible">ntion-online-shoppers-dont-be.html</span></a></p><p><a href="https://social.platypush.tech/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.platypush.tech/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Jérôme Segura<p>I recently came across an interesting <a href="https://infosec.exchange/tags/Magecart" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Magecart</span></a> skimmer where the threat actor seemed to be a crypto fanboy.</p><p>It's actually using the mr.SNIFFA toolkit and the domains are hosted with Russian-based DDos-Guard.</p><p>Thanks to the folks at SilentPush and their service for a deeper look in the infrastructure. Also, to <span class="h-card"><a href="https://infosec.exchange/@briankrebs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>briankrebs</span></a></span> for the name check on the briansclub site selling stolen credit cards.</p><p>You can read more about it in this blog post:<br><a href="https://www.malwarebytes.com/blog/threat-intelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">malwarebytes.com/blog/threat-i</span><span class="invisible">ntelligence/2023/01/crypto-inspired-magecart-skimmer-surfaces-via-digital-crime-haven</span></a></p>