Credit Card Fraud Alert: CERT-In Discloses Names of 'Hacked' Websites and Tips for Website Developers
Attackers are typically targeting e-commerce sites because of their extensive presence, popularity and the LAMP environment.
The government's cyber security agency CERT-In has warned of instances of credit card fraud on e-commerce websites across the world. In online credit card skimming, cyber criminals add skimming code to online shopping websites to steal the credit card data that customers enter. According to CERT-In, "Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP)."
CERT-In's advisory is based on a recent Malwarebytes report. As per the report, all the compromised sites identified had a shopping portal, and this is what the cyber attackers were doing. CERT-In has shared the names of the hacked websites:
CERT-In has also shared tips for website developers:
1. Use the latest version of the ASP.NET web framework, IIS web server and database server.
2. Apply appropriate updates to the OS and application software as and when they are available through the OEM.
3. Restrict access completely by default and allow only the access that is fully necessary.
4. Occasionally, and after every significant configuration change, conduct a complete security audit of the web application, web server and database server, and plug the vulnerabilities found.
5. Apply SIEM (Security Information and Event Management) and Database Activity Monitoring (DAM) solutions.
6. Search all the websites hosted on the web server, or sharing the same DB server, for malicious web shells.
7. Occasionally check the web server directories for any malicious/unknown web shell files and remove them when noticed.
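
One way to carry out tips 6 and 7 is to compare each web root against a known-good baseline of script files, which surfaces both unknown files (possible web shells) and altered scripts (possible skimming code). This is an added example, not code from CERT-In or the article; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions that run on the server or in the shopper's browser (assumed list; adjust per site).
SCRIPT_EXTS = {".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp", ".js"}

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_manifest(root):
    """Map each script file's path (relative to root) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = sha256_file(full)
    return manifest

def audit_webroot(root, baseline):
    """Compare the live web root with a known-good baseline manifest."""
    current = build_manifest(root)
    return {
        "unknown": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "missing": sorted(set(baseline) - set(current)),
    }

def demo():
    """Constructed sample site: take a baseline, then simulate tampering."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "js"))
        for rel, body in {"default.aspx": "<%@ Page %>", "js/checkout.js": "submitOrder();"}.items():
            with open(os.path.join(root, rel), "w") as f:
                f.write(body)
        baseline = build_manifest(root)
        # Tampering: an unexpected handler appears and the checkout script is changed.
        with open(os.path.join(root, "js", "upload.ashx"), "w") as f:
            f.write("constructed placeholder")
        with open(os.path.join(root, "js", "checkout.js"), "a") as f:
            f.write("/* constructed extra line */")
        return audit_webroot(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Build the baseline from the deployment package rather than from the live server, and keep it somewhere the web server account cannot write. Files with extensions outside the list are not covered by this check.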