comscore CERT-In alerts about new credit card scam on the internet | BGR India
News

India's CERT issues warning about credit card scam on the internet

Using this vulnerability, attackers can steal your credit card details or even passwords.

  • Published: July 19, 2020 9:25 PM IST
online-shopping-payment

India has millions of internet users, making them the perfect target for scammers. And according to the Indian Computer Emergency Response Team (CERT-In), there’s a new attack model looking to steal their data and even money. The cyber body explained about a credit card skimming campaign run through e-commerce websites. Also Read - Microsoft launches Windows File Recovery app to help recover deleted data

Attackers targeted the websites hosted on Microsoft’s IIS server and running ASP.NET web application framework, CERT-In explained. Apparently, Microsoft no longer supports this framework. And this has made the websites running on the server vulnerable to cyber attacks. Also Read - New Android vulnerability warning issued by CERT-In

Watch: Weekly News Roundup – June 17

So understandably, CERT-In wants owners of these websites to update their framework to the latest version. In addition to this, they want to make sure they audit the applications as well as the server database. This way, they will be able to keep a track of any malicious files loaded into the backend for exploiting the security weakness. Also Read - CERT-In issues alert on 'Locky' ransomware spreading in India

The details shared by CERT-In came through a recent Malwarebytes Labs report. It had discovered vulnerability termed CVE-2017-9248, for ASP.NET allowed them to steal credit card details. That’s not all, the issue could allow attackers to steal passwords of users, it said. The report said incidents were first observed in April this year when online transactions were at the peak because of lockdown in many parts of the world.

Firmware updates are vital to make sure the website and their directories are clear of any wrongdoings. And it is crucial that website developers conduct regular audits to check the hygiene of the platform and update the frameworks.

Android users warned by CERT-In

Back in June, CERT-In had warned about new vulnerabilities affecting Android mobile users. “An Elevation of Privilege vulnerability named “StrandHogg 2.0” had been reported in Google’s Android.

The vulnerability was observed in the apps installed on the device. These apps will not alert the users as they can’t detect any issues. And if you start using the app, attackers can gain access to data on your phone. Which allows them to read messages, access photos, and all the apps on the phone.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: July 19, 2020 9:25 PM IST



new arrivals in india

Best Sellers