Security researchers at RiskIQ have identified 17,000 domains that they say Magecart has compromised this way, including 2,000 of “the world’s biggest sites.” It’s not clear how many of those actually serve credit-card processing scripts that would allow Magecart to steal card details from their customers.
Amazon S3 buckets are secure by default. Companies run into trouble when they actively change those permissions, either somewhere in the development process or when they hand off cloud work to a third-party contractor. Those Amazon S3 bucket misconfigurations have caused plenty of problems before. The fallout, though, was usually limited to the exposure of personally identifiable information, huge databases of usernames and passwords and birthdays and Social Security numbers that wind up for sale, or for free, on the dark web and elsewhere. That’s because those goofs typically give read permission to interlopers, but not the ability to write code. The Magecart hackers figured out a way to scan for misconfigurations that do both—and now they know 17,000 vulnerable domains.
“This is a whole new level of misconfiguring,” says Klijnsma. “These buckets are pretty much owned by anybody who talks to it, which is on a different scale, a different type of data leakage. Pretty much anybody can do anything in those S3 buckets, and the reach of those is quite big.”
Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting [Brian Barrett/Wired]
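The distinction the post draws, between a bucket that is merely readable by outsiders and one that is also writable by them, can be checked directly in a bucket's ACL grants. The following is an added example, not code from the Wired article or from RiskIQ: it classifies the grant list in the shape that boto3's `get_bucket_acl()` returns, using constructed sample ACLs so it runs offline, and includes an optional live audit (`audit_live_buckets`, an assumed helper name) that only runs if boto3 and AWS credentials are available.

```python
"""Audit S3 bucket ACL grants for public read and, worse, public write access.

Added example (not from the original post). The grant structure matches what
boto3's s3.get_bucket_acl() returns; the sample ACLs below are constructed.
"""
from typing import Dict, List, Tuple

# Group URIs AWS uses for "everyone" and "any authenticated AWS account".
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the internet", AUTH_USERS: "any AWS account"}

# WRITE lets a grantee add or replace objects (e.g. a hosted JavaScript file);
# WRITE_ACP lets them rewrite the ACL itself; FULL_CONTROL implies everything.
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}
READ_PERMS = {"READ", "READ_ACP", "FULL_CONTROL"}

Grant = Dict[str, object]


def classify_grants(grants: List[Grant]) -> Tuple[List[str], List[str]]:
    """Return (readable_by, writable_by): which public groups get which access."""
    readable, writable = set(), set()
    for grant in grants:
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":      # CanonicalUser grants are not public
            continue
        who = PUBLIC_GROUPS.get(grantee.get("URI"))
        if who is None:                         # e.g. the LogDelivery group
            continue
        perm = grant.get("Permission")
        if perm in READ_PERMS:
            readable.add(who)
        if perm in WRITE_PERMS:
            writable.add(who)
    return sorted(readable), sorted(writable)


def severity(grants: List[Grant]) -> str:
    """CRITICAL if outsiders can write, HIGH if they can only read, else OK."""
    readable, writable = classify_grants(grants)
    if writable:
        return "CRITICAL"
    if readable:
        return "HIGH"
    return "OK"


def report(name: str, acl: Dict[str, object]) -> str:
    """One-line finding for a bucket, from its get_bucket_acl() response."""
    grants = acl.get("Grants", [])
    readable, writable = classify_grants(grants)
    return (f"{severity(grants):8} {name}: readable by {readable or ['owner only']}, "
            f"writable by {writable or ['owner only']}")


# Constructed sample ACLs in the get_bucket_acl() response shape.
_OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
          "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Grants": [_OWNER]}
PUBLIC_READ_ACL = {"Grants": [_OWNER,
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]}
PUBLIC_WRITE_ACL = {"Grants": [_OWNER,
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "WRITE"}]}
AUTH_WRITE_ACL = {"Grants": [_OWNER,
    {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "WRITE"}]}


def audit_live_buckets() -> List[str]:
    """Assumed helper: run report() over every bucket in the current account."""
    import boto3                                 # only needed for the live path
    s3 = boto3.client("s3")
    lines = []
    for bucket in s3.list_buckets()["Buckets"]:
        acl = s3.get_bucket_acl(Bucket=bucket["Name"])
        lines.append(report(bucket["Name"], acl))
    return lines


if __name__ == "__main__":
    for name, acl in [("private-assets", PRIVATE_ACL), ("public-site", PUBLIC_READ_ACL),
                      ("anyone-can-write", PUBLIC_WRITE_ACL), ("aws-users-write", AUTH_WRITE_ACL)]:
        print(report(name, acl))
    try:
        for line in audit_live_buckets():
            print(line)
    except Exception as exc:                     # no boto3 or no credentials: skip
        print(f"(live audit skipped: {exc})")
```

ACL grants are only one of the ways a bucket becomes writable: a bucket policy (`get_bucket_policy`) can grant `s3:PutObject` to `"Principal": "*"` just as effectively, and the account-level Block Public Access setting, if enabled, overrides both. A complete audit checks all three; a `CRITICAL` result from this ACL check alone is already the "anybody can do anything" condition the post describes.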
In 2016, EFF sued the US Government on behalf of Andrew “bunnie” Huang and Matthew Green, both of whom wanted to engage in normal technological activities (auditing digital security, editing videos, etc.) that were put at risk by Section 1201 of the Digital Millennium Copyright Act.
Zoom is an incredibly popular videoconferencing tool. In late March, security researcher Jonathan Leitschuh notified the company that its Mac software contained a ghastly vulnerability that allowed attackers to take over your camera after tricking you into clicking a malicious link. Leitschuh gave Zoom 90 days to fix the bug before going public (a common […]
I occasionally need to use an Android device to get things done for my day job. I like the flexibility of the operating system: I can tweak to my heart’s content. An Android phone often runs cheaper than a handset from Apple and, in some cases, boasts photo snapping capabilities that kick the bejesus out […]
When it comes to storage, you’ve typically got a couple of options: Keep those priceless pics and videos on your phone or laptop (then lose them when either breaks down), or cough up hundreds every year for a decent Dropbox account or another cloud service like iCloud. Trust us, you’re not the only one asking […]
If you listen to vinyl, it’s a good bet that the sound is only part of the experience. There’s something about the tactile sensation of putting the needle on the record, the ritual of hearing that static before the first note kicks in. If you’re that kind of devotee, there’s a record player that’s on […]
So the kids are on summer vacation? That doesn’t mean you can’t do a little schooling yourself. These eLearning bundles from CreativeLive can teach you photography, finance, podcasting or other life skills with curriculum from established professionals in each field. Read on for details: The Complete Outdoor Photography Bundle Every day, there are sunsets and […]