#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Magento Vulnerability | Breaking Cybersecurity News | The Hacker News

Magento Marketplace Suffers Data Breach Exposing Users' Account Info

Magento Marketplace Suffers Data Breach Exposing Users' Account Info
Nov 28, 2019
If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately. Adobe—the company owning Magento e-commerce platform—today disclosed a new data breach incident that exposed account information of Magento marketplace users to an unknown group of hackers or individuals. According to the company, the hacker exploited an undisclosed vulnerability in its marketplace website that allowed him to gain unauthorized third-party access to the database of registered users — both customers (buyers) as well as the developers (sellers). The leaked database includes affected users' names, email addresses, MageID, billing and shipping address information, and some limited commercial information. While Adobe didn't reveal or might don't know when the Magento marketplace was compromised, the company did confirm that its security team discovered the breach la

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites
Mar 29, 2019
If your online e-commerce business is running over the Magento platform, you must pay attention to this information. Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerabilities. Owned by Adobe since mid-2018, Magento is one of the most popular content management system (CMS) platform that powers 28% of websites across the Internet with more than 250,000 merchants using the open source e-commerce platform. Though most of the reported issues could only be exploited by authenticated users, one of the most severe flaws in Magento is an SQL Injection vulnerability which can be exploited by unauthenticated, remote attackers. The flaw, which does not have a CVE ID but internally labeled "PRODSECBUG-2198," could allow remote hackers to steal sensitive information from the databases of vulnerable e-commerce websites, including admin sessions or password hashes that could grant hackers access

GenAI: A New Headache for SaaS Security Teams

GenAI: A New Headache for SaaS Security Teams
Apr 17, 2024SaaS Security / AI Governance
The introduction of Open AI's ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, help marketers produce unique content at low cost, and enable teams and creatives to brainstorm new ideas.  Recent significant GenAI product launches include Microsoft 365 Copilot, GitHub Copilot, and Salesforce Einstein GPT. Notably, these GenAI tools from leading SaaS providers are paid enhancements, a clear sign that no SaaS provider will want to miss out on cashing in on the GenAI transformation. Google will soon launch its SGE "Search Generative Experience" platform for premium AI-generated summaries rather than a list of websites.  At this pace, it's just a matter of a short time befo

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware
Jun 20, 2018
Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of your customers to hackers. More than 250,000 online stores use open-source Magento e-commerce platform, which makes them an enticing target for hackers, and therefore the security of both your data and your customer data is of the utmost importance. According to the researchers at Sucuri , who have previously spotted several Magento malware campaigns in the wild, cybercriminals are currently using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed. To achieve this, criminals are hiding their 'credit card stea

Today's Top 4 Identity Threat Exposures: Where To Find Them and How To Stop Them

cyber security
websiteSilverfort Identity Protection / Attack Surface
Explore the first ever threat report 100% focused on the prevalence of identity security gaps you may not be aware of.

Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk

Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk
Jan 27, 2016
If you are using Magento to run your e-commerce website, it's time for you to update the CMS ( content management system ) now. Millions of online merchants are at risk of hijacking attacks due to a number of critical cross-site scripting (XSS) vulnerabilities in the Magento, the most popular e-commerce platform owned by eBay. Why the Bugs are So Serious? Virtually all versions of Magento Community Edition 1.9.2.2 and earlier as well as Enterprise Edition 1.14.2.2 and earlier, are vulnerable to the Stored Cross-Site Scripting (XSS) flaws. The stored XSS flaws are awful as they allow attackers to: Effectively take over a Magento-based online store Escalate user privileges Siphon customers' data Steal credit card information Control the website via administrator accounts However, the good news is that the vulnerabilities are patched, and an update has been made available to the public after security firm Sucuri discovered and privately reported the v

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards
Jun 29, 2015
Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento , the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are injecting malicious code into the Magento core file or some widely used module/extension in order to steal payment card data. Back in April, a critical Remote Code Execution Flaw in Magento allowed hackers to fully compromise any online store powered by Magento and thereby gain access to credit card data and other financial, and personal information related to the customers. Credit Card Stealers? Now, Sucuri senior malware researcher Peter Gramantik have found an attack script that pilfers the content of every POST request and identifies valuable payment card data before storing it in an encrypted form that only the attacker can decrypt. Moreover, to evade detection,

Critical Vulnerability Found in Magento eCommerce Platform

Critical Vulnerability Found in Magento eCommerce Platform
Apr 21, 2015
The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution (RCE) vulnerability , affecting hundreds of thousands of online merchants worldwide. If exploited, the critical vulnerability could allow a hacker to compromise completely any online store powered by Magento and gain access to credit card details and other financial as well as personal information related to the customers. Which isn't great? This serious flaw in Magento platform  exploits a series of vulnerabilities that ultimately allow unauthenticated attackers to execute any PHP code of their choice on the web server. All the vulnerabilities that lead to remote code execution (RCE) flaw are present in the Magento core code, and affect the default installation of both Magento Community and Magento Enterprise Editions. Running arbitrary code on the web server gives attackers the ability to bypass all security mechanisms and gain
Cybersecurity Resources