Most Magento shops get compromised via vulnerable extensions
Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The …
Magento
Card skimming malware found on thousands of Magento-based sites
A card skimming operation has compromised 7,339 Magento-based online stores, allowing the attackers to quietly slurp payment card info as it’s being entered by …
The Wild West of drive-by cryptocurrency mining
As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ …
PoC for several Magento vulnerabilities released, update now!
DefenseCode has published proof of concept code for two CSRF and stored XSS vulnerabilities affecting a number of versions of the popular e-commerce platform Magento. Magento …
Defeating Magento security mechanisms: Attacks used in the real world
DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in …
Magento-based online shops hit with self-healing malware
Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de …
6000+ compromised online shops – and counting
A week ago, RiskIQ researchers revealed that over 100 online shops have, at one point in the last six months, been injected with malicious JavaScript code that exfiltrates …
100+ online shops compromised with payment data-stealing code
Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates …
The gravest dangers for CMS-based websites
Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento. This makes the life of …
Year-old critical Magento flaw still exploited, payment info stolen
A whole year has passed since a critical e-shop hijacking flaw in the Magento CMS has been patched, but the vulnerability is still being exploited in attacks in the wild, …
