Media and Entertainment

Managing Insecure Magento Extensions

29 January - 4 February 2019

Insecure third-party extensions in the Magento e-commerce platform have been identified as the main source of Magento hacks for the last three months, affecting several thousand stores. The threat actors exploit known vulnerabilities in outdated extensions to take over Magento sites for malicious activities such as skimming payment card details. Thereafter, the attackers download all other installed extensions from the hacked website to look for more security flaws in the extension base. When a flaw is identified, the hackers launch a global scan to find sites using the same vulnerable extensions. Site owners who are unable to keep up with all the updates for their huge extension base can refer to the Magento insecure modules repository for patching vulnerable plugins.
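
One way a site owner might act on such a list, as an added example that is not from the original brief or from the repository project: compare a store's installed modules against a list of known-vulnerable extensions. The CSV layout (`name,fixed_in`), the module names and the versions are constructed for illustration and are assumptions, not the repository's actual format.

```python
import csv
import io

# Constructed sample data (not taken from the real repository). The column
# layout "name,fixed_in" is an assumption; an empty fixed_in is taken here
# to mean that no fixed release is known.
BLOCKLIST_CSV = """name,fixed_in
Acme_Checkout,1.4.2
Acme_Gallery,
Example_Import,2.0.10
"""

# Constructed inventory of modules installed on a store: name -> version.
INSTALLED = {"Acme_Checkout": "1.4.1", "Acme_Gallery": "3.0.0",
             "Example_Import": "2.0.10", "Other_Module": "0.9"}


def parse_version(text):
    """Turn '1.4.10' into (1, 4, 10) so that 1.4.10 sorts after 1.4.9."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_older(installed, fixed_in):
    """True when the installed version predates the fixed release."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so that 2.0 compares equal to 2.0.0
    b += (0,) * (width - len(b))
    return a < b


def audit(installed, blocklist_csv):
    """Return sorted (module, installed_version, action) findings."""
    findings = []
    for row in csv.DictReader(io.StringIO(blocklist_csv)):
        name, fixed_in = row["name"].strip(), (row["fixed_in"] or "").strip()
        version = installed.get(name)
        if version is None:
            continue  # listed module is not installed on this store
        if not fixed_in:
            findings.append((name, version, "no fixed release listed: remove or disable"))
        elif is_older(version, fixed_in):
            findings.append((name, version, "upgrade to %s or later" % fixed_in))
    return sorted(findings)
```

Calling `audit(INSTALLED, BLOCKLIST_CSV)` returns one finding per installed module that is listed and not yet at its fixed release.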

References:
[1] Bad Extensions Now Main Source of Magento Hacks: A Solution!
 
 
 
 
 
 
 
