Web skimming has been a major scourge for online shops over the past several years with attacks ranging from simple script injections into payment forms to sophisticated compromises of legitimate third-party scripts and services. Sometimes referred to as Magecart attacks, they have become the leading cause of card-not-present (CNP) fraud and have impacted small and big brands alike, as well as different types of ecommerce platforms.
As one of the top online retailers, Target started looking for solutions a few years ago to combat this threat and keep its own customers protected while shopping on its platform. Since there were no ready-made detection tools for such attacks at the time, two of the company’s security engineers decided to develop their own. After being in active use on Target.com for over three years, the company’s client-side scanner has now been released as an open-source project dubbed Merry Maker.
To read this article in full, please click here
More Stories
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services
Google says it recently fixed an authentication weakness that allowed crooks to circumvent the email verification required to create a Google...
Friday Squid Blogging: Sunscreen from Squid Pigments
They’re better for the environment. Blog moderation policy. Read More
Compromising the Secure Boot Process
This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than...
Synnovis Restores Systems After Cyber-Attack, But Blood Shortages Remain
Synnovis has rebuilt “substantial parts” of its systems following the Qilin ransomware attack on June 3, enabling the restoration of...
Hacktivists Claim Leak of CrowdStrike Threat Intelligence
CrowdStrike has acknowledged the claims by the USDoD hacktivist group, which has provided a link to download the alleged threat...
CrowdStrike Falcon Outage Exploited for Social Engineering
Cyber threat actors are exploiting the CrowdStrike Falcon outage to conduct social engineering attacks. Here's what the CIS CTI team...