Security News > 2017 > May > Defeating Magento security mechanisms: Attacks used in the real world (Help Net Security)
2017-05-09 20:22
DefenseCode recently discovered and reported multiple stored cross-site scripting and cross-site request forgery vulnerabilities in Magento 1 and 2 which will be addressed in one of the future patches. In light of these findings, this article describes examples of several attacks used in the real world that combine common vulnerabilities with faulty security mechanisms in Magento, leading to an unfavourable outcome. Examples will be aimed at Magento 2, but most of them can be applied … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/YDAckUOBGew/
Related news
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)