all InfoSec news
Hackers use video player to steal credit cards from over 100 sites
I'm trying to think about this and wondering if an iframe tokenizer would've even helped. We might just not have enough info.
Possibly whitelisting external traffic would be the real trick but it sounds like the exfiltration was done host side. Unclear or I need to read it again. Thoughts?/u/dossier