Cyber security news for all

More

    Is Magento A Safe Or Insecure E-Commerce Solution?

    In the middle of the week an article appeared on the IT news portal about attack waves on Magento e-commerce systems. In Magento 2 security, an unfortunate formulation promptly sparked a discussion. Magento was quickly placed in the corner of unsafe e-commerce solutions, which is simply wrong. If you look at the statistics of Magento in recent years, there have never been any really critical problems. Due to the enormously high distribution of Magento, this is almost a miracle, as other widespread systems have more often to struggle with security problems.

    The reason that a lot of unsafe software still appears is unfortunately simply due to the programmers, who often know little about the topic and do not have the time to familiarize themselves with it. But why are there security gaps? Why can a blog suddenly serve as a file editor for Magento configuration files? The reason for this is always the lack of verification of input and misuse. We build our houses from hard stones so that they can withstand wind and weather – nevertheless we can open a window with one of these stones to break into a house.

    Magento

    Codes Were Used On The Magento Systems To Access Card Data

    Malware is malicious code that is injected into software, for example to access the contents of the database or to fundamentally manipulate the behavior of the software. In the event of attacks on the Magento systems, the malicious code was used to access credit card data or to send it. So far this is correct and definitely a security-critical problem, because the theft of credit card data leads to massive problems.

    How Was The Malicious Code Used?

    First of all, the good news: the malicious code was not used into Magento due to a security vulnerability. Ultimately, it was a brutal force attack on the Magento backend. The Magento backend is automatically called up and every imaginable type of username and password combination is tested. If the correct combination of user name and password was determined, the attackers would implement a JavaScript in the Magento front end. When a user or customer called up the front end, the JavaScript code was executed on the client and the data was then tapped. This took place in the browser, but not on the server or in Magento itself.

    Recent Articles

    Cyber threats become more dangerous to secure the digitization

    The pandemic has provided a boost to digital world. But now it is important to secure it. Examples of developments in the pandemic are...

    Sopra Steria was encrypted with Ryuk ransomware

    Last week, there was a successful ransomware on the servers of the French provider Sopra Steria. In an extremely brief statement, the company only...

    Emotet takes unusual approaches and loads new malware

    Even those who are not concerned with the security have mostly heard of Emotet. The malware has been up to mischief for several years,...

    Cyber criminals could exploit the Oracle network

    The software manufacturer Oracle network only holds its updates every three months. Oracle speaks of security gaps - Due to the extensive product range...

    Unauthorized access at Scalable Capital

    There has apparently been unauthorized access to individual data at Scalable Capital. The company informed its customers about the incident by mail yesterday, referring...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox