1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Attackers try to compromise Magento with a fake patch

Discussion in 'CSO' started by RSS, Feb 15, 2016.

  1. RSS

    RSS New Member Member

    Attackers are still trying to find Magento installations that haven't patched a particularly bad vulnerability, this time trying to trick people into downloading a fake patch.

    The bogus patch purports to fix a flaw known as the Shoplift Bug, or SUPEE-5344, wrote Denis Sinegubko, a senior malware researcher with Sucuri.

    "While the patch was released February 2015, many sites unfortunately did not update," he wrote. "This gave hackers an opportunity to compromise thousands of Magento powered online stores."

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page