Oct 4, 2019

Credit card-stealing Magecart malware now infects 2 million sites

Joe Uchill

Over 2 million websites are now infected with Magecart, malware that allows thieves to steal credit card information, according to a RiskIQ report released Friday.

Why it matters: Magecart has become one of the most prolific threats to steal credit card information online. "2 million is a big number, and only getting bigger," Jordan Herman, a researcher at RiskIQ, told Axios via email.

Background: Magecart has ensnared some of the largest websites in credit card breaches, including Ticketmaster and British Airways.

  • It is often installed into the code running websites on misconfigured Amazon cloud servers using automated software that finds the cloud accounts and inserts that malicious code.
  • RiskIQ recommends, whenever possible, consumers use off-site mechanisms to pay for website goods — like Apple Pay, PayPal or other established trustworthy systems.

Go deeper

Felix Salmon

The rise of debt consolidation

Reproduced from TransUnion; Chart: Axios Visuals

New data from TransUnion suggests traditional banks might not be able to squeeze quite as much money from their credit card customers as they have in the past.

Background: For all the talk of banks being disrupted by nimbler digital competitors, it's generally impossible to see anywhere they've suffered so much as a flesh wound.

Go deeperArrowOct 31, 2019
Joe Uchill

Security flaw in Trump campaign website could have let hackers send fake emails

Many websites, including President Trump's 2020 campaign page, forgot to turn off a testing feature that could have given hackers the ability to meddle with their sites, according to a report from security firm Comparitech.

Why it matters: On the Trump site, hackers could have sent emails from the site or intercepted emails being sent — but user and donor information was never at risk.

Go deeperArrowOct 17, 2019
Ina Fried

Microsoft's Pentagon cloud contract win opens new political battles

Illustration: Lazaro Gamio/Axios

Friday's announcement that the Defense Department chose Microsoft over Amazon for a huge cloud computing contract will set two new battles in motion — one procedural and one political.

Why it matters: Amazon's lawyers will likely challenge the decision, while 2020 Democratic candidates will line up to charge the Pentagon with putting its hand on the scales to please President Trump.

Go deeperArrowOct 28, 2019