Security News > 2021 > November > 10,000+ websites and apps are vulnerable to Magecart

Some of the world's largest companies across retail, banking, healthcare, energy and many other sectors, including Fortune 500, Global 500 and governments are failing to prevent Magecart attacks, Cyberpion research revealed.

Magecart is the common name for a style of cyber attack in which hackers compromise third party code to steal, or scrape, information such as credit card data from web-applications or websites that incorporate the code.

The research analyzed more than 30,000 vulnerabilities over the last two years and found significant weaknesses in modern security platforms and processes to identify and mitigate exploits related to Magecart attacks.

"Our conclusion from the analysis is that as of today, organizations fail to face Magecart threats and detect the vulnerabilities and exploits that hackers leverage to conduct these attacks," said Cyberpion CEO Nethanel Gelernter.

"Victims are often the last to know as it's only later that organizations find that their data was sold or exploited, with the problem extending beyond any single vendor or client relationship. For enterprises in particular, Magecart attacks pose a significant challenge because it is problematic to set up a solution at scale."

Magecart vulnerabilities still plaguing websites and apps At least one of the top five enterprises in many verticals - retail, insurance, financial services, pharma, media, security and others - were found to be vulnerable or abused.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/17HxmQsmmng/