Search results for: Magecart


Adobe fixes critical flaws in Magento, Adobe Illustrator and Bridge

Adobe has pushed out security updates fixing critical flaws in Magento Commerce, Open Source Enterprise and Community editions, Adobe Illustrator 2020 for Windows, and Adobe Bridge for Windows.

Magento security update

According to the security bulletin published on Tuesday, thirteen flaws in all have been reported, all but one affecting all supported versions of Magento, the popular e-commerce platform. Six of the Magento vulnerabilities are deemed critical: they are either command injection or security mitigation … More


Week in review: Web shell malware, client-side web security, phishers exploit Zoom and Webex

Here’s an overview of some of last week’s most interesting news and articles:

46% of SMBs have been targeted by ransomware, 73% have paid the ransom

Ransomware attacks are not at all unusual in the SMB community, as 46% of these businesses have been victims. And 73% of those SMBs that have been the targets of ransomware attacks actually have paid a ransom, Infrascale reveals.

Web shell malware continues to evade many security tools

Cyber … More

Client-side web security

To address attacks such as XSS, Magecart and other card skimming exploits found in modern eCommerce environments, the use of client-side web security methods is beginning to emerge as a particularly useful practice. Obviously, enterprise teams should integrate client-side protections with desired server-side countermeasures to ensure a full risk management profile (e.g., the client-side is a poor selection point to stop denial of service). Several standards-based client-side security approaches have begun to mature that are … More


Understanding web security solutions

As should be evident to anyone in the cyber security industry, the wide range of available web security solutions from commercial vendors will necessarily have varying degrees of effectiveness against different threats. A premise of this article is that client-side security has been under-represented in these solutions – and to see this, it helps to briefly examine the specifics of the well-known web security solutions in use today, and their respective emphases.

Web Application Firewalls

… More


A client-side perspective on web security

Threats to web security are explained in this first of a three-part article series, and client-side security is shown to address a commonly missed class of cyber attack exemplified by Magecart. Traditional solutions to web security are outlined, including a new approach to web security based on client-side standards such as content security policy and subresource integrity. These emerging approaches are explained in the context of a representative client-side security platform.

Introduction

Perhaps the most … More


5 questions about website and brand security every business owner should ask

Your website is the primary way your customers interact with your enterprise. You envision and create a website to:

- Enhance customer engagement and conversion of visitors to customers.
- Optimize revenue per customer.
- Create repeat customers.
- Retain customers, i.e., avoid customer attrition and abandonment.

Adding security to the overall business strategy should initiate the following questions to ensure you are making informed decisions for the safety of your brand and your customers.

1. What scripts are … More


A closer look at the global threat landscape

60% of initial entries into victims’ networks leveraged either previously stolen credentials or known software vulnerabilities, allowing attackers to rely less on deception to gain access, according to a new IBM report exploring the global threat landscape.

The top three initial attack vectors

Phishing was a successful initial infection vector in less than one-third of incidents (31%) observed, compared to half in 2018. Scanning and exploitation of vulnerabilities resulted in 30% of observed incidents, compared … More


Mac threats are growing faster than their Windows counterparts

Mac threats are growing faster than their Windows counterparts for the first time ever, with nearly twice as many Mac threats detected per endpoint as Windows threats, according to Malwarebytes. In addition, cybercriminals continued to focus on business targets with a diversification of threat types and attack strategies in 2019.

Emotet and TrickBot were back in 2019

Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to target organizations alongside new ransomware families, such as Ryuk, … More


Magento patches critical code execution vulnerabilities, upgrade ASAP!

Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution.

About the fixed vulnerabilities

According to the newest Magento-themed security bulletin (now published as an Adobe security bulletin), three of the six fixed flaws are critical and three are important. In the “critical” category are a deserialization of untrusted data (CVE-2020-3716) and a security bypass (CVE-2020-3718) that … More

RSA Conference announces finalists for Innovation Sandbox Contest 2020

RSA Conference announced the 10 finalists for its Innovation Sandbox Contest 2020. The competition calls on the most promising young companies in cybersecurity to showcase their transformative technologies to a panel of judges and live audience at RSA Conference 2020 in San Francisco. Past winners include Imperva, Phantom, and most recently, Axonius. On Monday, February 24, the finalists will present a three-minute pitch followed by a question-and-answer round as they battle … More


Week in review: Public cloud performance, new G Suite security options, how to build a successful SOC?

Here’s an overview of some of last week’s most interesting news, articles and podcasts:

Women in cybersecurity can benefit from taking inventory of their personal apps

Just as new apps get replaced by old ones, we in the security profession must continue to review our personal apps (skills) and upgrade. This might hold particularly true for women, who are urgently needed in greater numbers if the cybersecurity industry is to meaningfully address the longstanding shortage … More


Macy’s online store compromised in Magecart-style attack

The webshop of noted U.S. department store company Macy’s has been compromised and equipped with an information-stealing JavaScript, which ended up collecting users’ personal and payment card information for a week.

What is known about the breach

According to the notice sent by Macy’s to affected customers, the breach was discovered on October 15, 2019, after they were alerted to a suspicious connection between and another website. “Based on our investigation, we believe that … More