U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Alleged Magecart hackers planted a software skimmer into Macy’s Website

Macy’s has started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information. Macy’s has started notifying some of its customers that discovered a software skimmer on its website used by crooks to steal their personal and financial information. The malicious software was discovered on October 15, […]

macys script

Magecart Script – Source Bleeping Computer

Macy’s has started notifying some of its customers that crooks used a software skimmer to steal their personal and financial information.

Macy’s has started notifying some of its customers that discovered a software skimmer on its website used by crooks to steal their personal and financial information.

The malicious software was discovered on October 15, attackers injected it into the checkout page and the My Account wallet page on the macys.com website.

Macy’s believes that the software skimmer was injected on October 7, it also notified law enforcement and it hired a forensic firm to help investigate the incident.

The analysis of the software skimmer revealed that it was designed to siphon data provided by customers on the desktop version of the Macy’s website. According to the notice published by the retailer, the mobile application and mobile website were not impacted.

“On October 15, 2019, we were alerted to a suspicious connection between macys.com and another website. Our security teams immediately began an investigation. Based on our investigation, we believe that on October 7, 2019 an unauthorized third party added unauthorized computer code to two (2) pages on macys.com.” reads the notice of data breach. “The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers on the following two (2) macys.com pages: (1) the checkout page – if credit card data was entered and “place order” button was hit; and (2) the wallet page – accessed through My Account. Our teams successfully removed the unauthorized code on October 15, 2019.”

Information potentially accessed by the cybercriminals include: First Name; Last Name; Address; City; State; Zip; Phone Number; Email Address; Payment Card Number; Payment Card Security Code; Payment Card Month/Year of Expiration if the values for these items were typed into the webpage while on either the macys.com checkout page or in the My Account wallet page. Customers checking out or interacting with the My Account wallet page on a mobile device or on the macys.com mobile application were not involved in this incident.

Macy’s alerted payment card issuers and announced additional security measures to prevent such incidents in the future. The retailer announced it will offer 12-month identity protection services for affected customers.

According to the experts, the specific software skimmer used in the attack suggests the involvement of one of the Magecart groups.

A researcher who wishes to remain anonymous told to BleepingComputer that the attack was carried out by one of the Magecart groups, he also shared the obfuscated Magecar script that was injected into the Macy’s website.

“When the attackers compromised the Macy’s website, they altered the https://www.macys.com/js/min/common/util/ClientSideErrorLog.js script to include an obfuscated Magecart script.” states BleepingComputer.

macys script
Magecart Script – Source Bleeping Computer
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Magecart, Macy’s)

[adrotate banner=”5″]

[adrotate banner=”13″]