Hacked To Inject Payment Card Stealing Script

A curious case of web-based card skimming activity revealed that the Poker Tracker website had been compromised and loaded a Magecart script – code that steals payment information from customers.

Online poker enthusiasts use the Poker Tracker software suite to improve their winning chances by making decisions based on statistics compiled from the opponents’ gameplay, Bleeping Computer reported.

Usman Rahim, Digital Security and Operations Manager, The Media Trust
August 22, 2019
Developers use CSPs to enforce a white list of resources that a client browser can load resources from and sites that can interact with their site.
The hacking of a popular site and software reveals the growing popularity of combining two attack methods: (1) compromising websites that use outdated versions of their content management platforms and (2) injecting credit card skimmers onto the page. Bad actors know too well the vulnerabilities of web content platforms. And, even when those platforms release new versions to address vulnerabiliti ....
Elad Shapira, Head of Research, Panorays
August 21, 2019
The PokerTracker hack illustrates a common cybersecurity issue: the failure of many companies to update their Content Management Systems (CMS). In fact, Panorays research found that nearly one-third of US management consultancy firms were running older versions of CMS like WordPress and Drupal. If such is the case at critical suppliers, then it comes as no surprise that websites like Poker Track ....
David Kennefick, Product Architect, edgescan
August 21, 2019
Have a proactive blocking system installed and its signatures updated.
This particular vulnerability stems back to the implementation of an outdated CMS. As with many of these technologies, there is a support structure of frameworks that need to be taken into account when they are deployed and supported. In this instance the exploit appears to have been planted via an outdated version of Drupal. The core lessons that should be taken from this hack: Advise for te ....