Security News > 2019 > February > Most Magento shops get compromised via vulnerable extensions

Vulnerable third party extensions (modules) are now the main source of Magento hacks, says security researcher and Magento forensics investigator Willem de Groot. “The method is straightforward: attacker uses an extension bug to hack into a Magento store. Once in, they download all of the other installed extensions. The attacker then searches the downloaded code for 0day security issues, such as POI, SQLi and XSS flaws. Once found, the attacker launches a global scan to … More → The post Most Magento shops get compromised via vulnerable extensions appeared first on Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/PNicxmexW1s/