According to information released by ZDNet, a three-year-old Magento plugin vulnerability is being taken advantage of in order to record and steal payment card details. To carry out these e-skimming attacks, hackers are exploiting the cross-site scripting (XSS) bug CVE-2017-7391 that lies in the Magento Mass Import (MAGMI) plugin. After gaining access to the target site, the actors will dismantle the PHP and JavaScript to allow for their malicious code to be inserted and begin stealing payment details. After details have been collected, they’re converted to Base64 format, stored in JPEG files, and sent to the hacker’s server.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security