1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Magento says compromised sites haven't patched older vulnerabilities

Discussion in 'Network World' started by RSS, Oct 21, 2015.

  1. RSS

    RSS New Member Member

    Magento said Tuesday there does not appear to be a new vulnerability in its e-commerce platform that is causing some websites to become infected with the Neutrino exploit kit.

    Some of the affected websites appear to not have patched a code execution vulnerability nicknamed the Shoplift Bug Patch, Magento's security team wrote in a blog post. A patch was released in February.

    Other Magento-powered sites have not applied other patches, making them vulnerable.

    The latest attack against Magento was highlighted by Malwarebytes and Sucuri, two security companies, who noticed attacks on the client and server sides.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page