A public warning is being given by the Computer Emergency Response Team (CERT-In) of the Government of India, which is associated with fraud happening during online shopping. A credit card skimming campaign is being run on sports, health and e-commerce websites, aimed at targeting you and emptying your account. In such a situation, users are advised to remain alert.
CERT-In has revealed in an official post that hackers are targeting websites hosted on Microsoft's IIS servers and operating on the ASP.NET web application framework. Attackers are actually taking advantage of a flaw in ASP.NET version 4.0.30319, which is no longer officially supported on Microsoft and is also easy to hack.
Read: Chinese app banned, this is the best Indian app for everything
In advisory, CERT-In has asked websites to immediately update web applications, servers and database servers in addition to updating to the latest version. Websites have been asked to regularly check the web server directories, so that malicious web shell files can be detected and removed with their help before the users are harmed.
Fear of card details theft
A reference to the recently shared Malwarebytes Labs report from CERT-In was also given, in which the old flaw CVE-2017-9248 was revealed. Researchers at Malwarebytes Labs discovered more than a dozen websites that were trying to steal users' credit card details with the help of malicious code.
Read: Only 5 easy tips, will increase your phone's battery life
Attack with the help of apps
Warning mentions the outdated web server framework, and earlier there was a case of stealing card details by attacking mobile apps with the help of malware. A cyber security firm called ThreatFabric has detected a new malware, BlackRock, which attacks more than 337 Android apps and is still active.