March 26, 2020 — It has been reported that hackers have breached the website of Tupperware, a US company known for its plastic food container products, and placed malicious code on its website to collect payment card details from site buyers. The malicious code has been running on the Tupperware homepage for at least five days, according to security researchers.
“Web skimmers or Magecart scripts work by taking advantage of an infrastructure vulnerability caused by misconfiguration. The misconfiguration enables an attacker to discover a potentially vulnerable website (using a shotgun approach) and upload the malicious code to service provider. To avoid this type of misconfigurations, it’s useful to comply with standardized security benchmarks – like the one from Center for Internet Security (CIS) which would enable an organization to validate their internal vulnerabilities. “