We would all like to catch up on our reading and improve our professional skills, so why not achieve two goals with one click? If you wish to take the time on your upcoming vacation to enjoy a brilliant text that was recommended by the leaders of the cybersecurity arena, here are 20 suggestions to expand your horizons on website security and Magecart attacks and bring you up to speed while sipping piña coladas by the pool.

1.Krebs on Security: That domain you forgot to renew? Yeah, it’s now stealing credit cards

A former security reporter for the Washington Post, Brian Krebs knows a thing or two about the cyber world. In this post, he details the security threat of losing a traffic-generating website domain and explains how hackers use these websites to steal credit card data and other information. 

2. ZDNet: JavaScript card sniffing attacks spread to other eCommerce platforms

The well-known website ZDnet brings technology news of different kinds, very much including security-focused. In this article, reporter Catalin Cimpanu talks about the new eCommerce platforms for Magecart attacks, which include OpenCart, OSCommerce, WooCommerce, Shopify, and others. 

3. Help Net Security: 1 in 5 merchants compromised by Magecart get reinfected

This article dives into the results of Willem de Groot’s research, which shows that Magecart attackers manage to infiltrate the same websites over and over again, using new tricks and tactics. This is an all too familiar scenario in the cyber world and it’s important to understand how and why it happens. 

4. Data Breach Today: Magecart cybercrime groups harvest payment card data

If you are currently training new team members and looking for a comprehensive and detailed explanation of Magecart attacks, we highly recommend reading and sharing this article. It features basic and clear definitions and categories, interesting if somewhat alarming data, and more. 

5. Flashpoint: ‘Inside Magecart’ exposes the operation behind the web’s biggest eCommerce scourge

As a cybersecurity professional, you must have wished a thousand times that you were a fly on the desktop of Magecart hackers. Well, this article is as close as you’ll probably get. It examines the fascinating world behind virtual enemy lines. We highly recommend downloading the report the article is based on.  

6. Security Week: Seven hacking groups operate under “Magecart” umbrella, analysis shows

One of the questions on security experts’ minds is how many groups, exactly, does the Magecart hacking method include. There are several contradicting reports on this matter, but we like the explanation in this article and hope you will, too. Learn a little about each group and a lot about the combined threat they pose. 

7. Naked security by Sophos: Atlanta Hawks fall prey to Magecart credit card skimming group

There are plenty of Magecart attacks to read about and learn from, but it’s crucial that we prioritize the most recent ones, as they provide new information regarding hackers’ way of work. In this article, you’ll read about one of the latest and most prominent attacks, which is particularly interesting if you’re a sports fan. 

8. Dark Reading: Getting up to Speed on Magecart

Once again, this is a great article for those of you looking to take a deeper look into Magecart attacks, only this time the angle is a bit more technical. The article uses various examples, such as the Newegg.com breach, and links to additional interesting resources.

9. Netsparker: DOM Based Cross-site Scripting Vulnerability

The article dives into one of the more common forms of attack, which is Cross-site scripting vulnerability and includes an in-depth explanation, as well as a JavaScript code example. This is a good way to get to know a vulnerability found in about 50% of websites. 

10. SC Magazine: Magecart POS skimmer adds iframe injection technique

We cannot stress enough the importance of staying up to date on hacking techniques. This article will help you do that by examining a relatively new advancement in hackers’ operation, which includes using a new POS skimmer that injects an iframe into retailers’ websites. Remember: you cannot protect websites against what you don’t know.

11. IT Security Guru: Topps.com sports collectible site exposes payment info in Magecart attack

In this case, we recommend not just reading this short post about the data breach notification issued by sports trading company Topps, but actually following the website and its regular breach alerts. If you’ve always wanted to be the first person to know of every security incident, this is your chance. 

12. Fifth Domain Cyber: Formjacking and the new threats to government

The article touches on a more specific type of Magecart attacks, Formjacking, and discusses its influence on federal agencies and other public organizations. This is also a great reminder that no one is safe from hacking – not even the FBI. 

13. The Cyber Feed: Top 10 digital attack vectors to watch out for

We love lists, and this one examines the top 10 types of digital attacks in a simple and even entertaining manner. You’ll have to download the eBook to read the full text, but after reading the sneak peek paragraphs you’ll be able to decide if it’s worth it. 

14. The Register: Wipro wasn’t a one-off: Same hacking crew targeted scores of firms, big and small

This article follows in the footsteps of famous hackers group Wipro and guides readers through the group’s techniques, its latest attacks, and more. This is an efficient way to study a specific hacking method and visit the mind of a hacker while you’re at it. 

15. Threatpost: Forbes becomes latest victim of Magecart payment card skimmer

In a very meta move, this piece of content examines the security breach of another content website, Forbes. The article explains the technical side of the attack and the course of the website’s response, complete with screenshots of the actual malicious script. 

16. Info Security: Big Banks Vulnerable to Web, Mobile Attacks

Sometimes, we need a reminder that hackers can reach and hurt literally anyone. This article examines the vulnerabilities of financial institutions and shows that most of the major banks are exposed to attacks and must protect themselves from what could end up being devastating damage.

17. The Hacker News: New MageCart attacks target bedding retailers My Pillow and Amerisleep

This is yet another detailed description of a Magecart attack, including code screenshots and an overview of attacks that resemble this course of action. We invite you to read this article, but if the attack over two bedding retailers keeps you up at night, appreciate the irony and don’t blame us. 

18. HackRead: VisionDirect hacked: Hackers infect domains with malicious Google Analytics code

For the attack described in this article, hackers used the Google Analytics tool and inserted a fake piece of code to steal financial data. This is a word of warning for those who use this common tool without taking the necessary precautions and think that Google will take care of everything.  

19. ITWire: Clothing company OppoSuits hit by Magecart attack

The content of this article is a bit challenging, as it examines a Magecart attack without having all the relevant information. Still, it’s inspiring to see how security reporters make the educated assumption regarding the attackers’ identity, despite the fact that the clothing company itself refused to provide any specific details. 

20. CSO Online: Magecart payment card skimmer gang returns stronger than ever

The final article on our list is focused on the infamous credit card skimmer that became that much more sophisticated and threatening. The article explains the current advancements that make this skimmer a more powerful hacking tool and provide helpful information for those trying to protect themselves from it. 

Just like the hacker hunt, the resources and information on cybersecurity never end. You couldn’t possibly read every new article as it gets published, but you do need to stay on your toes somehow. We hope that this list will keep you informed and captivated by the challenging professional field you’ve chosen, and invite you to visit our blog and learn even more. Enjoy your reading! 

PCI DSS 4.0 makes client-side security a priority.

Source Defense delivers a solution for 6.4.3 and 11.6.1 without adding a burden to your security teams.

Scroll