SERVIDORES

Adobe urged customers using the Magento 1 e-commerce platform to upgrade to the latest version of Adobe Commerce after security company Sansec detected a mass breach of over 500 stores running the platform.

Recommends

Best VPN services
Best security keys
Best antivirus software
The fastest VPNs

In a statement to ZDNet, Adobe said it ended support for Magento 1 on June 30, 2020.

"We continue to encourage merchants to upgrade to the latest version of Adobe Commerce for the most up-to-date security, flexibility, extensibility, and scalability," an Adobe spokesperson said.

"At a minimum, we recommend Magento Open Source merchants on Magento 1 to upgrade to the latest version of Magento Open Source (built on Magento 2), to which Adobe contributes key security updates."

On Tuesday, Sansec released a report revealing that hundreds of stores were the victims of a payment skimmer loaded from the naturalfreshmall.com domain.

More than 350 ecommerce stores infected with malware in a single day.
Today our global crawler discovered 374 ecommerce stores infected with the same strain of malware. 370 of these stores load the malware via https://naturalfreshmall[.]com/image/pixel[.]js.
- Sansec (@sansecio) January 25, 2022

"We invited victims to reach out to us, so we could find a common point of entry and protect other merchants against a potential new attack. The first investigation is now completed: attackers used a clever combination of an SQL injection (SQLi) and PHP Object Injection (POI) attack to gain control of the Magento store," the researchers explained.

"Attackers abused a (known) leak in the Quickview plugin. While this is typically abused to inject rogue Magento admin users, in this case the attacker used the flaw to run code directly on the server."

In their examination of one attack, researchers found the threat actor left 19 backdoors on the system. They recommended victims use a malware scanner to identify all of the instances of malicious files or Magento code that had malicious code added to them.

Recommends

The best antivirus software and apps

A roundup of the best software and apps for Windows and Mac computers, as well as iOS and Android devices, to keep yourself safe from malware and viruses.

Read now

Sansec noted that even though Adobe has ended support for Magento, thousands of businesses still use it.

Magento has long been a source of issues for Adobe and the online merchants who use it. In November, the National Cyber Security Centre (NCSC) identified a total of 4,151 retailers that had been compromised by hackers attempting to exploit vulnerabilities on checkout pages to divert payments and steal details.

The majority of the online shops that cybercriminals exploited for payment-skimming attacks were compromised by known vulnerabilities in the e-commerce platform Magento. In February 2021, Magento received a slew of security fixes from Adobe. Specifically, Magento Commerce and Magento Open Source on all platforms were subject to a total of 18 bugs, varying in severity from critical to moderate.

More than 2,000 Magento online stores were hacked in September 2020, attacks that were also spotted by Sansec at the time. Attacks against sites running the now-deprecated Magento 1.x software were anticipated by Adobe, which issued the first alert in November 2019 about store owners needing to update to the 2.x branch.

Adobe's initial warning about impending attacks on Magento 1.x stores was later echoed in similar security advisories issued by Mastercard and Visa.

Even the FBI warned in 2020 that hackers were exploiting a three-year-old vulnerability in a Magento plugin to take over online stores and plant a malicious script that records and steals buyers' payment card data.

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next

8 habits of highly secure remote workers
How to find and remove spyware from your phone
The best VPN services: How do the top 5 compare?
How to find out if you are involved in a data breach -- and what to do next

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

SERVIDORES

NOTÍCIAS QUENTES

Cisco Catalyst 9200 9200L Series Manual free PDF download

Quick Replacement Methods for Faulty Network Switches

2024 Revised Edition: How to Check Cisco Product Serial Numbers?

Cisco Catalyst 1300 Series Firmware: A Comprehensive Guide

What is the phone number for Cisco support?

What is Cisco WLAN controller?

What does a Cisco wireless controller do?

What is Active-Active Data Center?

​What is Cisco Partner Program? How to join Cisco partner?

What does Cisco ASR do?

Huawei S6700: How to Configure the MTU Value of an Interface

Huawei Switch S6700 Configuring the Traffic Statistics Interval

Huawei NE router: forget console password, how to recover it

What is Cisco Catalyst 3650?

How about cisco 2960X?

Huawei CloudEngine switches split stacking

What is Cisco ISR?

What is the Cisco SD-WAN?

What is Cisco licenses?

What is Cisco Catalyst 3750?

Huawei S6700 Backup Configuration File to FTP Server or Client

Restoring Factory Settings on Huawei CloudEngine Series Switches

What is Catalyst 9500?

Difference between Huawei HC & HCS & HCSO

What is the difference between Catalyst 9200 and 9200L?

Is the Cisco 3850 a switch or a router?

HUAWEI Switches S6700 - Example: Configuring the Device as an SCP Client

​What does the Cisco company do?

What is Cisco ISR 4331 router?

Public Cloud Hardware Integration Implementation

Adobe urges customers to upgrade after 500 stores breached through Magento platform

Recommends

Recommends

The best antivirus software and apps

Security

Tags quentes : Tecnologia Segurança

Ordering Guide

Recursos

Quem somos

What is Cisco Partner Program? How to join Cisco partner?

What does the Cisco company do?