Summary: An investigation has uncovered a web skimming campaign affecting at least 17 websites, including Casio UK’s site. Researchers discovered a double-entry web skimming attack that targeted cart pages, tricking users into submitting sensitive information through a fake payment form. The attack exploited vulnerabilities in Magento and highlighted weaknesses in the site’s Content Security Policy (CSP).
Affected: Casio UK, 16 additional e-commerce sites
Key points:
- Investigation revealed a significant web skimming campaign affecting multiple e-commerce sites.
- The skimmer targeted the cart page rather than the checkout page, employing deceptive tactics to collect sensitive information.
- Weaknesses in the Content Security Policy allowed the attack to succeed, demonstrating the importance of properly configured security measures.
Source: https://hackread.com/casio-16-websites-double-entry-web-skimming-attack/