Segway Online Store Hacked via Magecart

Researchers have identified a web skimmer on Segway’s online store that enabled threat actors to steal credit cards and customer information when they checked out. Segway is the maker of two-wheeled, self-balancing personal transporters Segway store compromised with Magecart skimmer | Malwarebytes Labs.

Subscribe
Notify of
guest

1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Uriel Maimon
Uriel Maimon , Senior Director of Emerging Technologies
InfoSec Expert
January 26, 2022 12:29 pm

<p>Magecart attackers continue get more creative with their techniques in order to evade detection, especially given advancements in security solutions over the years. By hiding the skimmer script inside a favicon pretending to display the site’s copyright, neither manual code reviews, static code analysis or scanners could have detected this easily. E-commerce businesses need a real-time monitoring solution that detects access to sensitive fields and attempts to exfiltrate personally identifiable information from the client side. It is important that users of Magento understand the need to disrupt the web attack lifecycle by stopping the theft of account and identity information from their site, and implement a solution to help do that. Taking action before it is too late will also help prevent damage to the brand’s reputation as well as limit potential liability for non-compliance.</p>

Last edited 10 months ago by Uriel Maimon
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x