Fake SUPEE-5344 Patch Steals Payment Details
Denis Sinegubko Update 2/17: This post is not about hackers tricking webmasters into installing fake Magento security patch. It’s about malware that pretends to be an applied…
Browsing Category
Magento Security
99 posts
Magento PCI Compliance Issues and Theft Over TLS
With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for…
Security Advisory: Stored XSS in Magento
Marc-Alexandre Montpas During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely.…
Malicious Pastebin Replacement for jQuery
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those…
Massive Magento Guruincsite Infection
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already blacklisted about seven thousand sites because…
Magento Platform Targeted By Credit Card Scrapers
Peter Gramantik We’ve been writing a lot about ecommerce hacks and PCI Compliance recently. The more people buy things online, the more of an issue this will…
Magento Shoplift (SUPEE-5344) Exploits in the Wild
Daniel Cid As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it…
Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately!
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more than two months…
Impacts of a Hack on a Magento Ecommerce Website
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience. In this…
The Psychology Behind Why Websites Get Hacked
Joseph Herbrandson It’s an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine,…
Magento Security Update (1.7.0.2) – Zend_XmlRpc Vulnerability
David Dede A few days ago, Magento 1.7.0.2 was released to fix a very serious security vulnerability that allows attackers to read any file on the web…