Magento Shoplift vulnerability still most common compromise
SRM’s research into data collected over the last quarter of 2015 reveals that the Magento Shoplift vulnerability (http://blog.srm-solutions.com/mag-exploits/) continued to be the most common source of compromise in cases referred to us. This is despite a patch for this vulnerability having been available for quite a while.
Magento Shoplift is not a new problem but a recurring one. Our third quarter analysis also identified it as the most common vulnerability. It allows the intruder to insert an administrative-level user into the database and then use that access to insert malicious code that steals sensitive information and executes malicious actions.
During the September – January period, a broad range of companies contacted us, from the very large to the very small, all legally required to seek assistance in securing data breaches. The largest number of cases came from SMEs, in particular specialist online retailers. Their problems were not, however, limited to the Magento Shoplift vulnerability.
Other attack vectors noted were vulnerable plugins installed on the major content management systems, Magento or WordPress. In the majority of cases, the vulnerable plugin allows an external user to upload a malicious file, such as a web shell, and take control of the victim’s website, allowing them to execute code and steal sensitive information. In some cases, significant fines were levied as a result of the breach, with organisations subsequently required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Read more (http://blog.srm-solutions.com/pci-breach-trend-report-september-2015-january-2016/)
Kane Cutler – youngest PFI in the world
At 26, this exclusive accreditation makes Kane one of the youngest PFIs in the world, if not the youngest.
Read more (http://blog.srm-solutions.com/kane-cutler-youngest-pfi-in-the-world/)
Read more (http://blog.srm-solutions.com/ransomware/)
Cybersecurity healthcheck 2016
SRM consultants reveal a few of their own cyber security tips.
Read more (http://blog.srm-solutions.com/cyber-security-health-tips-for-the-new-year/)
LinkedIn phishing scams
Read more (http://blog.srm-solutions.com/linkedin-phishing-scams/)