Website Security News
Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a detailed security announcement on September 13th, 2022. The attack is estimated to have occurred on or before August 19th of…
Read More about Magento Supply Chain Attack Targets Extension Developer FishPig
One of the most important monitoring tools in our security platform is our Sucuri SiteCheck scanner. It’s a free tool to scan your website for known malicious content and malware…
Read More about WordPress Overtakes Magento in Credit Card Skimmers
As more businesses switch to online options Magento is a popular Content Management System (CMS) of choice for eCommerce websites. That being said, with the online industry becoming more interconnected…
On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS…
Read More about Adobe Patches Critical RCE Vulnerability in Magento2
While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento 2 provides regularly updated patches…
Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according…
Read More about Adobe Patches Critical Magento Vulnerabilities in Recent Update
During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by…
Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this…
Read More about Stylish Magento Card Stealer loads Without Script Tags
Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection…
Read More about Magento 2 PHP Credit Card Skimmer Saves to JPG
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the…
Read More about Magento PHP Injection Loads JavaScript Skimmer
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a…
Read More about Magento Phishing Leverages JavaScript For Exfiltration
