Magento is considered as the best e-commerce platform available today and it has numerous features, plugins, regular updates and a huge community of developers. As the technology and security measures improve, so do the capabilities of the hackers. Hackers usually target e-commerce websites to gain credit card information or just for some kicks. The first step towards security starts with…
Category Archives Magento Security
Website owners are often bombarded with so much informaiton on web security. Here's top web security experts giving their one most important suggestion for your website's security.
Malware attacks are bad! They bring your business to a stand still and cause a loss money, reputation and even customers. Usually business owners only start caring about malware after they get infected with it. As they say everyone feels secure until they get hacked, and they haven't got hacked until now because a hacker didn't try. Once infected, it…
Magento 2, one of the largest open-source e-commerce platforms in the world, has often been an eye candy for people with malicious intent. No matter the amount of work gone into securing this platform, hackers tend to come up with new ways to circumvent security measures. As its reputation grows, so does the notoriety surrounding the diverse forms of malpractices…
Magento & OpenCart Credit Card Hijack Credit Card malware or Credit Card Hijack is when malicious PHP/JavaScript code is injected into Magento and OpenCart shops which allow hackers to intercept credit card data. This new way of credit card fraud has been undetected for 6 months. There are many cases in which hackers have targeted Magento Payment Security. What is Credit…
An OpenCart & Magento malware redirecting both desktop and mobile websites to malicious links has been doing rounds. Since last week we have encountered several cases of this malware. There are no specific versions which are being targeted as we have seen this infection in a wide range of versions in both Magento & OpenCart. Also, check our in-detailed blog…
With the rise in Magento related security incidents, it is important to restrict access to the Magento admin area. One foolproof way to secure the Magento backend from password guessing attacks is to only allow access to trusted IP addresses. This drastically minimizes the security risk and only takes a couple of minutes to configure. In this guide, we will…
Magento, one of the most favored e-commerce platforms, is often a target for cyber-criminals. Its huge popularity owes to its strict security practices, a timely update of system core and immediate fixes to security issues. Magento's latest security update contains multiple security enhancements. These updates relate to the Magento Open Source (formerly Community Edition) and Magento Commerce (formerly Enterprise Edition).…
When it comes to empowering retailers and brands, Magento is one of the most widely used e-commerce platforms. However, with great power comes greater responsibility of adhering to security practices for safe e-commerce businesses. On the contrary, Magento is one of the highest targeted e-commerce platforms for credit card fraud and user credential theft, with a staggering 62% of stores…
About Amasty RMA Extension Vulnerabilities During a security audit engagement with a client using Magento, our engineers discovered a few critical vulnerabilities in Amasty RMA extension. The first vulnerability allows a hacker to upload malicious files on the server. Since php files can also be uploaded, a hacker can easily upload malicious shells like c99, r57, anishell etc to the…