Rewterz Threat Advisory – CVE-2019-13526 – Datalogic AV7000 Linear Barcode Scanner Authentication Bypass vulnerability

August 30, 2019

Rewterz Threat Alert – Lazarus Targets Bitcoin Users

September 2, 2019

Rewterz Threat Alert – Magecart Group Continues Targeting E-Commerce Sites

September 2, 2019

Severity

Medium

Analysis Summary

In a series of recent attacks attributed to the umbrella criminal group known as Magecart, malicious JavaScript code was injected into over 80 e-commerce websites to steal credit card and other customer data.

numerous web applications used by online shopping sites are susceptible to “formjacking” attacks, which use malicious JavaScript code to skim credit card and other customer data from payment pages and send that information to the attackers. These types of virtual skimmers are also referred to as JavaScript skimmers, JavaScript sniffers or JS sniffers.

The Magecart threat is not new – and has very high profile, public breaches – so vigilance is key. In addition to basic housekeeping – like keeping website platforms patched and updated to the latest versions – ensure your web code has been audited for any signs of code tampering, and make sure you have a security solution in place that is able to identify any attempt at code tampering and protect against this type of attack and others targeting the client side.

Impact

Exposure of sensitive information
Financial loss

Remediation

Always be suspicious about emails sent by unknown senders.
Never click on the link/attachments sent by unknown senders.

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us