Analysis & Insights

Media and Entertainment

Managing Insecure Magento Extensions

29 January - 4 February 2019

Insecure third-party extensions in Magento e-commerce platform have been identified as the main source of Magento hacks for the last three months, affecting several thousand stores.
Insecure third-party extensions in Magento e-commerce platform have been identified as the main source of Magento hacks for the last three months, affecting several thousand stores. The threat actors leverage on known vulnerabilities in outdated extensions to take over Magento sites for malicious activities such as skimming payment card details. Thereafter, the attackers download all other installed extensions in the hacked website to look for more security flaws in the extension base. When a flaw is identified, the hackers will launch a global scan to find sites using the same vulnerable extensions. Site owners who are unable to keep up with all the updates for its huge extension base can refer to the Magento insecure modules repository for patching vulnerable plugins. 

References:
[1] Bad Extensions Now Main Source of Magento Hacks: A Solution!
 
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights

Media and Entertainment

Managing Insecure Magento Extensions

29 January - 4 February 2019

Insecure third-party extensions in Magento e-commerce platform have been identified as the main source of Magento hacks for the last three months, affecting several thousand stores.
Insecure third-party extensions in Magento e-commerce platform have been identified as the main source of Magento hacks for the last three months, affecting several thousand stores. The threat actors leverage on known vulnerabilities in outdated extensions to take over Magento sites for malicious activities such as skimming payment card details. Thereafter, the attackers download all other installed extensions in the hacked website to look for more security flaws in the extension base. When a flaw is identified, the hackers will launch a global scan to find sites using the same vulnerable extensions. Site owners who are unable to keep up with all the updates for its huge extension base can refer to the Magento insecure modules repository for patching vulnerable plugins. 

References:
[1] Bad Extensions Now Main Source of Magento Hacks: A Solution!
 
 
 
 
 
 
 

More Weekly Cyber Newsanalysis and insights