Magento

Pierluigi Paganini September 02, 2018
MagentoCore skimmer already infected 7,339 Magento stores

MagentoCore skimmer already infected 7,339 Magento stores, according to the Willem de Groot who uncovered the campaign, it is the most aggressive to date. The cybersecurity researcher Willem de Groot has uncovered a massive hacking campaign aimed at Magento stores. The hackers have already infected 7,339 Magento stores with a skimmer script, dubbed MagentoCore, that siphons payment card […]

Pierluigi Paganini June 21, 2018
Magento credit card stealer Reinfector allows reinfect sites with malicious code

Cybercriminals used the ‘credit card stealer reinfector’ to reinfect the websites and continue to steal personal and financial data. Researchers at Sucuri reported crooks are using a very simple evasion technique to reinfect Magento websites after their malicious code has been removed. Cybercriminals have devised a method to hide the malicious code, the ‘credit card stealer reinfector’, used to […]

Pierluigi Paganini April 04, 2018
Thousands of compromised Magento websites delivering Malware

Hackers compromised hundreds of Magento e-commerce websites to steal credit card numbers and install crypto-mining malware. According to the security firm Flashpoint, hackers launched brute-force attacks against Magento installs, they used a dictionary composed of common and known default Magento credentials. “Ecommerce websites running on the popular open-source Magento platform are being targeted by attackers who are using […]

Pierluigi Paganini December 28, 2017
Hackers are attempting to breach Magento stores through the Mirasvit Helpdesk extension

The cybersecurity expert Willem de Groot reported cyber attacks against Magento websites running the popular helpdesk extension ‘Mirasvit Helpdesk.’ de Groot observed attackers sending a message like this to Magento merchants: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! – [email protected] The message contains a specially crafted sender that […]

Pierluigi Paganini September 17, 2017
MAGENTO 2.0.16 and 2.1.9 security update fixes critical flaw in the platform

Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that fixed also a critical remote code execution vulnerability. Magento released updates for Magento Commerce and Open Source 2.1.9 and 2.0.16 that fixed numerous flaws, including a critical remote code execution vulnerability. The remote code execution flaw impacts content management system (CMS) and layouts, it could be […]

Pierluigi Paganini April 14, 2017
Hundreds of thousands Magento e-shops are exploited to hack due to an unpatched flaw

An unpatched vulnerability in Magento platform could be exploited by hackers to compromise fully web servers that host the e-commerce sites. An unpatched vulnerability in the Magento e-commerce platform could be exploited by attackers to upload and execute malicious PHP scripts on web servers that host online shops. The vulnerability was reported by experts at […]

Pierluigi Paganini March 14, 2017
Crooks hijack Magento Realex Payments extension to steal payment card data

Cybercriminals hijack Magento Realex Payments extension to steal payment card data. Experts at Sucuri are observing massive attacks. Cybercriminals continue to target Magento platform to steal credit card data. Crooks have been abusing a payment module to steal payment card data from online shops running on Magento e-commerce platform. According to experts at security firm Sucuri, […]

Pierluigi Paganini February 17, 2017
A new SQL malware Targets online shops running on Magento

Security experts have discovered a new SQL malware targeting online shops running on Magento that hides the code in the website’s database. Security experts have discovered a new strain of malware that is targeted websites raising Russian the Magento eCommerce platform. The novelty is that this is the first a malware that hides the code in the website’s […]

Pierluigi Paganini October 19, 2016
Magento card-swiping malware hides stolen card data in legitimate images

Security experts have spotted an interesting exfiltration technique adopted by crooks to exfiltrate card data from Magento platforms. Security experts from Sucuri and RiskIQ have spotted an interesting exfiltration technique adopted by crooks to exfiltrate payment data from compromised e-commerce websites powered by the Magento platform. Cybercriminals have been using image files to store and exfiltrate […]

Pierluigi Paganini September 26, 2016
Security firm Sucuri analyzed tens of thousands of compromised websites

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related compromised websites on the web. The […]