Security Newsletter
24 September 2018
Magecart claims another victim in Newegg merchant data theft
Magecart, the notorious hacking group behind the Ticketmaster and British Airways data breaches, has now victimized popular computer hardware and consumer electronics retailer Newegg.
Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ. The Magecart hacking group, which has been active since 2015, registered a domain called Being similar to Newegg's legitimate domain,, it was likely registered to appear as a genuine extension of the true domain.
The attack affected both desktop and mobile customers, though it is still unclear how many customers were actually hit by this credit card breach. However, considering that more than 50 million shoppers visit Newegg every month and that the malicious code was there for over one month, it could be assumed that this Magecart newest card skimming campaign has possibly stolen the payment information on millions of Newegg customers, even if only a fraction of those visitors make purchases.
But where would this payload come from? Newegg itself. Around the same day, the cyberattackers were able to infiltrate Newegg systems and drop payment card skimmer code into the e-retailer's checkout process.
How do we solve the problem? There is no silver bullet, but some security measures definitely make it harder for the attacker: 1) Define a (strict) Content-Security-Policy (CSP) 2) Trust your 3rd parties, but verify with Subresource Integrity (SRI) 3) Make sure all assets on sensitive pages use SRI through...CSP.
Read More at ZDNet
Even more at TheHackerNews
Report from RiskIQ
Magecart are coming for you, are you ready?
Cutting room floor
#Tech and #Tools
This content was created by Kindred Group Security. Please share if you enjoyed!
Kindred Group in brief
Kindred is one of the largest online gambling companies in the world with over 24 million customers across 100 markets. We offer pre-game and live Sports betting, Poker, Casino and Games through 11 brands across our markets. We are committed to offer our customers the best deal and user experience possible, while ensuring a safe and fair gambling environment. Kindred is a pioneer in the online gambling industry and as an innovation driven company that builds on trust.
You can access the previous newsletters at
If you no longer wish to receive this newsletter, you can unsubscribe from this list.