Website Security News
Keep up to date on the latest Magento infections and mitigation steps to keep your Magento shop secure. Browse our latest posts about Magento security, including the latest vulnerability disclosures, credit card swipers, and PCI compliance.
While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento 2 provides regularly updated patches for many of the most common vulnerabilities targeting the platform. While Magento 1 also contains…
Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according…
Read More about Adobe Patches Critical Magento Vulnerabilities in Recent Update
During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by…
Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this…
Read More about Stylish Magento Card Stealer loads Without Script Tags
MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the…
Read More about Magecart Swiper Uses Unorthodox Concatenation
In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons behind why websites become…
Read More about Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2
When it comes to the ABCs of website security server side scans and file integrity monitoring are the “A” and “B”. In fact, our server side scanner is one of…
Read More about Server Side Scans and File Integrity Monitoring
Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection…
Read More about Magento 2 PHP Credit Card Skimmer Saves to JPG
A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that…
Read More about Bogus CSS Injection Leads to Stolen Credit Card Details
During a routine investigation, we found yet another web skimmer that pretends to be related to Sucuri. One of our Remediation Analysts, Liam Smith, found the following code injected into…
Read More about Another Credit Card Stealer That Pretends to Be Sucuri
Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing global ecommerce climate that this…
