Browsing tag

Magento

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites

Threat actors have been found exploiting a critical flaw in Magento to inject a persistent backdoor into e-commerce websites. The attack leverages CVE-2024-20720 (CVSS score: 9.1), which has been described by Adobe as a case of “improper neutralization of special elements” that could pave the way for arbitrary code execution. It was addressed by the […]

Magento Marketplace Suffers Data Breach Exposing Users’ Account Info

If you have ever registered an account with the official Magento marketplace to buy or sell any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe, the company that owns the Magento e-commerce platform, today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers […]

Critical SQL injection vulnerability in Magento; update please

Magento, an Adobe-owned platform, announced the release of an update patch to correct some critical SQL injection vulnerabilities; according to the authors of the book ‘Learn ethical hacking’, one of these vulnerabilities is really easy to exploit, and no authentication is required to do so. Magento is one of the most used e-commerce platforms. According […]

MagentoCore Malware That Steals Payment Card Details While You Shop Online

A new payment card stealing campaign is targeting Magento stores with a skimmer script. The malicious campaign embeds the JavaScript-based MagentoCore malware on Magento stores, where it records keystrokes from customers and transfers the data in real time to the magentocore command and control servers. A Netherlands security researcher, Willem, uncovered the attack; it appears a single group of […]

Over 1000 Magento stores hit with cryptominer & credential stealing malware

At least 1,000 Magento-based websites, including shops, have been targeted and infected with this malware, say the information security training researchers. Threat analysis and cyber-security intelligence firm Flashpoint stated that cybercriminals have been targeting the open-source e-commerce platform Magento with malware since 2016. As a result, hundreds of e-commerce websites running via Magento have already […]

Credit Card Fraud Reported After People Purchased OnePlus Smartphones

If you purchased OnePlus devices through the official site in the last few months, your credit card details could be at risk. Many users who bought OnePlus devices later reported suspicious activity on their credit card statements. According to security firm Fidus, the issue could be associated with how the payment process happens, not […]

‘HIGH RISK’ ZERO DAY LEAVES 200,000 MAGENTO MERCHANTS VULNERABLE

A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk. The warning comes from security firm DefenseCode, which found and originally reported the vulnerability to Magento in November. “During the security audit of Magento Community Edition, a […]

WordPress, Joomla, and Magento Continue to Be the Most Hacked CMSs

Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September). Among all hacked websites, 74% ran WordPress, which isn’t surprising if we take into account the CMS’ […]

Magento Malware Uses Steganography to Steal Payment Card Data

Malware hides credit card data inside image files. Hackers are collecting payment card data from Magento stores, hiding the stolen data inside JPG images, which they’re downloading from infected stores without raising any suspicions. During the past year, attackers have shifted their gaze towards online e-commerce platforms, where they found a fertile ground for collecting […]

Magento – Re-Installation & Account Hijacking Vulnerabilities

Before discovering my latest Magento RCE, I’ve found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I’m presenting both of them in this single blog post for your convenience. Vulnerable Versions Magento EE & CE 2.x.x before 2.0.6. Re-Installation – Technical Description Some […]

Magento Websites Exploited in Massive Malware Distribution Campaign

A recently discovered zero-day bug may be at fault. Security researchers from both Sucuri and Malwarebytes have observed a recent massive malware distribution campaign that leverages Magento websites to redirect users to the Neutrino Exploit Kit, and then infect them with the Andromeda/Gamarue malware (infostealer). The first alarm bells sounded at Malwarebytes’ headquarters on Thursday, October […]

Magento database tool Magmi has a zero-day vulnerability

Magento has contacted the websites that appear to be vulnerable, Trustwave said. An open-source tool for importing content into the Magento e-commerce platform, called Magmi, has a zero-day vulnerability, according to security vendor Trustwave. The directory traversal flaw is in some versions of Magmi, which is used to move large amounts of data into Magento’s […]

Researchers Outline Vulnerabilities in Yahoo, PayPal, Magento Apps

Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, and phishing, among other consequences. Hadji Samir, Ebrahim Hegazy, Ayoub Ait Elmokhtar, and Benjamin Kunz Mejri, researchers with Vulnerability Lab, found the bugs earlier this […]