Monday, 27 April 2015

Still 88,000 Shops Vulnerable Magento Leak

A critical vulnerability in the popular shopping cart software Magento allow an attacker to completely take over the shop is still in 88,000 merchants present, even though the update since early February. The vulnerability is now being used to attack shops.

In addition, security company Check Point has released details about the leak. Researchers from the company warned Magento on 14 January this year about the problem they had found. A few weeks later, a security Magento. Still, many merchants decided not to install it. The Dutch hosting company Byte warned a week ago that still 140,000 merchants risked because they were not patched. Meanwhile, a significant portion of the vulnerable Magento shops install the update, but are still vulnerable 88,000 shops, according to the last census of Byte.

That census took place last Friday, the same day that the Magento developers a warning afgaven for the leak. Security firm Sucuri reported Friday that it had now perceived attacks that made ​​abuse of the leak. In addition, the company claimed that merchants who had rolled the patch not yet been hacked or that would be only a matter of time. Below is a video demonstration of Check Point which shows how online stores can be robbed by setting the price of goods at zero through the leak.

No comments:

Post a Comment