Hackers Stealing Credit Card Info Via e-Commerce WordPress Sites

Cybercriminals are now injecting credit card swipers on random plugins from e-commerce WordPress sites to carry out credit card theft.

The process begins with hacking into WordPress sites, while also injecting a backdoor into the site, which allows them to keep their access to the site even after installing updates.

After that, the cybercriminals go further and add their malicious code to random plugins.

Administrators should follow several steps to protect themselves against card snatchers, including limiting the wp-admin range to specific IP addresses only.

Once this step has been taken, the threat actors will not be able to access the site, even after stealing administrator cookies and injecting a backdoor.

In addition, administrators are advised to conduct integrity monitoring through the use of active server-side scanners to ensure that no code changes last too long before they are detected.

Organizations should also develop the habit of reading logs and looking deeply into the details.

For more information, read the original story in BleepingComputer.

Hackers Stealing Credit Card Info Via e-Commerce WordPress Sites

Top Stories

SpaceX shares fall 20% from peak following $60 billion cursor acquisition

Snap unveils first consumer AR glasses priced at more than $2,000

Key U.S. data center law faces expiration with no replacement in sight

Starlink introduces $10 monthly hardware rental fee

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

Meta faces backlash after facial recognition code found in smart glasses app

Related Articles

Hackers used Meta’s AI support bot to hijack 20,000 Instagram accounts

New ‘HTTP/2 Bomb’ attack can crash major web servers from a single computer

CISA exposed internal passwords and cloud keys in public repository

Canvas restores service after cyberattack disrupted schools and universities

TND News Desk

TND News Desk

Jim Love