Target Open Sources Scanner for Digital Credit Card Skimmers

Target, one of the largest American department store chains and e-commerce retailers, has open sourced ‘Merry Maker’ – its years-old proprietary scanner for payment card skimming.

A skimmer is malicious code injected into shopping sites to steal customers’ credit card data at checkout. The code can be hidden on the online store or it can be loaded from external resources, sometimes via a local element such as a favicon.

By open-sourcing Merry Maker, Target helps online retailers fight the credit card skimming threat that’s been affecting the sector for years.

Target’s solution

Target has been running its online shop since 2002, offering almost all products that one can find in the brick-and-mortar locations of the chain. The site is an attractive target for credit card thieves as it enjoys high traffic (Alexa rank: 200).

As the credit card skimming threat increased, two of Target’s security engineers, Eric Brandel and Caleb Walch, took action and in 2018 they created ‘Merry Maker’ to detect code that steals payment card data.

The tool simulates real user activity through test transactions, which are flagged accordingly internally. It then collects and analyzes the resulting network requests, JavaScript file activations, and any other signs of unwanted or suspicious activity.

Merry Maker anti-skimmer

The scanner component of the Merry Maker framework inspects events and determines which rules to apply. It supports YARA rules, indicators of compromise (IoCs), and an unknown-domain rule.
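The rule evaluation described above, over events of the kind a scripted test checkout would record, as an added sketch that is not Merry Maker's code. The event shape, rule names, domains and regex rules (a stand-in for YARA) are all assumptions constructed for illustration.

```javascript
// Added example, not Merry Maker's code; every name and value is constructed.
// Allowlist: hosts the checkout flow is expected to contact.
const KNOWN_DOMAINS = ['shop.example', 'payments.example', 'cdn.example'];
// IoC list: hosts already known to be malicious.
const IOC_DOMAINS = new Set(['skimmer-collect.example']);
// Regex content rules standing in for YARA rules (this is not YARA syntax).
const CONTENT_RULES = [
  { name: 'card_field_read', re: /querySelector\([^)]*(cc-?num|card-?number|cvv)/i },
  { name: 'base64_to_beacon', re: /sendBeacon\([^)]*btoa\(/ },
];

// True when host is an allowlisted domain or a subdomain of one (suffix match, not substring).
function isKnownHost(host) {
  return KNOWN_DOMAINS.some((d) => host === d || host.endsWith('.' + d));
}

// Evaluate one captured event and return the alerts it triggers.
function scanEvent(event) {
  const alerts = [];
  if (event.type === 'request') {
    let host;
    try {
      host = new URL(event.url).hostname.toLowerCase();
    } catch {
      return [{ rule: 'malformed_url', detail: event.url }];
    }
    if (IOC_DOMAINS.has(host)) alerts.push({ rule: 'ioc_domain', detail: host });
    else if (!isKnownHost(host)) alerts.push({ rule: 'unknown_domain', detail: host });
  } else if (event.type === 'script') {
    for (const { name, re } of CONTENT_RULES) {
      if (re.test(event.body)) alerts.push({ rule: name, detail: event.url });
    }
  }
  return alerts;
}

// Constructed events, shaped like the output of a headless-browser test transaction.
const SAMPLE_EVENTS = [
  { type: 'request', url: 'https://shop.example/checkout' },
  { type: 'request', url: 'https://static.cdn.example/app.js' },
  { type: 'request', url: 'https://cdn.example.evil.test/app.js' },
  { type: 'request', url: 'https://skimmer-collect.example/c?d=abc' },
  { type: 'script', url: 'https://shop.example/favicon-loader.js',
    body: "const n = document.querySelector('#card-number').value; navigator.sendBeacon(u, btoa(n));" },
];

const scanAll = (events) => events.flatMap(scanEvent);
console.log(scanAll(SAMPLE_EVENTS));
```

The third sample request shows why the allowlist check matches on the domain suffix: a host that merely contains an allowlisted name still raises the unknown-domain alert.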

Merry Maker anti-skimmer scanner

Merry Maker relies on Puppeteer, a Node.js component, to control the client-side scanner, which is implemented through a headless browser (Headless Chrome), Target explains in a more technical report.

An administration dashboard shows “the current state and health of the system,” recent alerts, the number of events pending, and active scans.

Open-sourcing Merry Maker

After more than a million scans on Target.com, the company believes that the tool has matured enough to be deployed anywhere without causing operational hiccups.

As such, Target has decided to open-source the tool and share it with the community along with several detection rules to help “other cybersecurity teams stand up their own customized defense.”

The framework is available on the company’s GitHub page.
