Spring News 2016

Date: April 15, 2016


Magento Shoplift vulnerability still most common compromise

SRM’s research into data collected over the last quarter of 2015 reveals that the Magento Shoplift vulnerability (http://blog.srm-solutions.com/mag-exploits/) continued to be the most common source of compromise in cases referred to us. This is in spite of the fact that it has been quite a while since a patch was released to address this particular vulnerability.

Magento Shoplift is not a new problem but rather a recurring one. It was also identified in our third quarter analysis as the most common vulnerability. It allows an intruder to insert an administrative-level user into the database, and from there to insert malicious code that steals sensitive information and executes malicious actions.

During the September – January period, a broad range of companies, from the very large to the very small, contacted us, all legally required to seek assistance in securing data breaches. The largest number of cases came from SMEs, in particular specialist online retailers. Their problems were not, however, limited to the Magento Shoplift vulnerability.

Other attack vectors noted were vulnerable plugins installed on the major content management systems Magento or WordPress. In the majority of cases, the vulnerable plugin allows an external user to upload a malicious file such as a web shell and take control of the victim’s website, thereby allowing them to execute code and steal sensitive information. In some cases, significant fines were levied as a result of the breach, with organisations subsequently required to demonstrate compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Read more (http://blog.srm-solutions.com/pci-breach-trend-report-september-2015-january-2016/)

 

Kane Cutler – youngest PFI in the world

At 26, Kane holds this exclusive accreditation, making him one of the youngest PFIs in the world, if not the youngest.

Read more (http://blog.srm-solutions.com/kane-cutler-youngest-pfi-in-the-world/)

 

Ransomware

Ransomware affecting Windows, Linux and Mac with JavaScript code

Read more (http://blog.srm-solutions.com/ransomware/)

 

Cybersecurity healthcheck 2016

SRM consultants reveal a few of their own cyber security tips.

Read more (http://blog.srm-solutions.com/cyber-security-health-tips-for-the-new-year/)

 

LinkedIn phishing scams

Read more (http://blog.srm-solutions.com/linkedin-phishing-scams/)

 
