webinject - Security Intelligence

A new type of universal man-in-the-browser attack targets any website that accepts a credit card rather than a specific site. "Verified by Visa" and "MasterCard SourceCode" information has already been stolen from some victims as part of the attack.

article

Live on Video: uMitB Steals ‘Verified by Visa’ and ‘MasterCard SecureCode’ Credentials

A new video shows a uMitB scam stealing "Verified by Visa" and "MasterCard SecureCode" credentials from unsuspecting victims through a webinject.

March 6, 2013 | By George Tubin

article

article

Back to Basics: Malware Authors Downgrade Tactics to Stay Under the Radar

Malware authors have created variants to monitor Web sessions between a customer and their bank in order to change data in real time and steal information.

February 7, 2013 | By Amit Klein

article

Tatanga Attack Exposes chipTAN Weaknesses

A new Tatanga attack uses MitB software to bypass chipTAN systems to steal user data. The attack creates instructions for a fake transaction.

September 4, 2012 | By Amit Klein

article

article

À la Carte: Criminals Charging Per Custom Webinject Feature

According to recent research on webinject trends, cyber criminals are now selling customized webinjects that are priced per feature.

June 26, 2012 | By Amit Klein

article

Tatanga Trojan Bypasses Mobile Security to Steal Money From Online Banking Users in Germany

A new Tatanga Trojan recently emerged, which uses a MitB attack to bypass mobile security in bank transactions. The scam is commiting fraud in Germany.

May 22, 2012 | By Amit Klein

article

Ice IX Malware Redirects Bank Phone Calls to Attackers

New Ice IX configurations are targeting online banking customers in the U.K. and U.S. and accessing assets through personal info like telephone accounts.

February 1, 2012 | By Amit Klein

article

GlitchPOS Creator Offers Instructional Video to Make Deploying POS Malware Easier

New Mirai Variant Targets Business Presentation and Display Devices

Brute-Force Attack Wave Uses Legacy Protocols, Credential Dumps to Compromise Cloud Accounts

Threat Actors Use Fake Copyright Infringement Notifications in Instagram Hacking Campaign

Voices of Security

X-Force Red in Action

A Secure Start

On the Front Line With IBM X-Force IRIS

Security Considerations for Whatever Cloud Service Model You Adopt

At RSAC 2019, It’s Clear the World Needs More Public Interest Technologists

To Improve Critical Infrastructure Security, Bring IT and OT Together

5 Characteristics of an Effective Incident Response Team: Lessons From the Front Line

The Business of Organized Cybercrime: Rising Intergang Collaboration in 2018

Spectre, Meltdown and More: What You Need to Know About Hardware Vulnerabilities

Stranger Danger: X-Force Red Finds 19 Vulnerabilities in Visitor Management Systems

Podcast: Digital Identity Trust, Part 3 — Powering Digital Growth With Digital Identity Trust

Podcast: Monitoring National Cybersecurity Trends With Former NSA Deputy Director Bill Crowell

X-Force Red in Action: Spotlight on Password Security With Dustin ‘Evil Mog’ Heywood

Podcast: Demystifying the Role of AI in Cybersecurity

Webinar: A Treatment Plan for UEM in Healthcare

Webinar: Cloud IAM: Your Key to Digital Transformation

Webinar: Under the Radar: March Live Webinar and Demo

Cyberattacks and the Airline Industry: The Strategic Threat Landscape

Tag: webinject

Live on Video: uMitB Steals ‘Verified by Visa’ and ‘MasterCard SecureCode’ Credentials

Back to Basics: Malware Authors Downgrade Tactics to Stay Under the Radar

Tatanga Attack Exposes chipTAN Weaknesses

À la Carte: Criminals Charging Per Custom Webinject Feature

Tatanga Trojan Bypasses Mobile Security to Steal Money From Online Banking Users in Germany

Ice IX Malware Redirects Bank Phone Calls to Attackers