Hackers Exploiting old Vulnerabilities in Magento

                            Hackers Exploiting old Vulnerabilities in Magento
According to the Federal Bureau of investigation, hackers exploiting a flaw in a plugin from Magento to hack online shops. The vulnerability found in Magneto is cross-site scripting (XSS) that allows the hacker to inject a malicious script inside the online store source code.

 Payment  Information which been recorded from user purchases is then encrypted in a Base64 format, enclosed inside a JPEG image and submitted towards the attacker server. Such form of attack is referred to as web skimming or e-skimming. 

The Plugin found with the bug is Magmi which was found three years ago more or less an update is available  Magmi-git 0.7.23 to fix XSS bug that enables initial storage access for attackers.

The FBI alert provides compromise (IOC) indicators which Magento provider can be used to prevent attachments to their websites in their web application firewalls.

         ADVICE FOR E-COMMERCE STORE MANAGERS

  • Check all applications for critical vulnerabilities and prioritize the early patching of network-connected server for identified vulnerabilities and Internet data processing tools such as web browsers.
  • Weblogs and web applications are being constantly checked and monitors for unauthorized entry, alteration and anomaly.

  • Perform network penetration checks, code integrity controls and dynamic device safety measures on websites to detect faults or misconfigurations on regular basics

0 Comments

Post a Comment

Post a Comment (0)

Previous Post Next Post