Security News

Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
2022-02-14 16:48

A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.

Emergency Magento update fixes zero-day bug exploited in attacks
2022-02-14 14:45

Adobe rolled out emergency updates for Adobe?Commerce and?Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. Administrators of online stores running Adobe Commerce or Magento Open Source versions 2.4.3-p1/2.3.7-p2 and below are strongly advised to prioritize addressing CVE-2022-24086 and apply the update as soon as possible.

Wave of MageCart attacks target hundreds of outdated Magento sites
2022-02-09 18:24

Analysts have found the source of a mass breach of over 500 e-commerce stores running the Magento 1 platform and involves a single domain loading a credit card skimmer on all of them. Sansec's subsequent investigation unveiled that the attackers abused a known vulnerability in the Quickview plugin to inject rogue Magento admin users that could then run code with the highest privileges.

Ecommerce platforms (cough, Magento) need patching before Black Friday, warns UK's National Cyber Security Centre
2021-11-22 17:14

If you run a small online business powered by the Magento ecommerce platform, Britain's National Cyber Security Centre is begging you to make sure it's fully patched ahead of Black Friday. "Retailers are urged to ensure that Magento - and any other software they use - is up to date," said the GCHQ offshoot in a statement today, adding it had notified 4,151 online stores that their Magento installations were vulnerable to compromise by criminals.

Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites
2021-08-10 23:53

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition.

Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites
2021-08-10 23:53

Adobe on Tuesday shipped security updates to remediate multiple critical vulnerabilities in its Magento e-commerce platform that could be abused by an attacker to execute arbitrary code and take control of a vulnerable system. The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition.

Adobe fixes critical preauth vulnerabilities in Magento
2021-08-10 21:08

Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect. In total, Adobe fixed 29 vulnerabilities with today's updates.

Adobe fixes security holes in Magento, most of which are critical
2021-08-10 18:40

Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect. Magento is a popular open-source e-commerce platform.

Adobe Warns of Critical Flaws in Magento, Connect
2021-08-10 18:35

Software maker Adobe has shipped security patches for flaws in its Adobe Magento and Connect product lines, warning that exploitation could lead to remote code execution attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif. Software vendor.

Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise
2021-02-02 17:31

Two web skimmers have been discovered on the payment webpages of Costway, one of the top retailers in North America and Europe, which sells appliances, furniture and more. The skimmers are targeting consumers' credit-card payment details.