Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Hackers are exploiting Magento flaw to steal payment card info

Hackers are exploiting Magento flaw to steal payment card info

2015/06/29

Help Net Security - (International) A security researcher from Sucuri Security discovered that attackers are actively exploiting a flaw in eBay's Magento platform to steal users' billing and payment card information by injecting malicious code into Magento's core file. Researchers are investigating the attack vectors to identify the vulnerability. [ed.: Another good use case for application whitelisting: prevent malicious file alteration.]

Source: http://www.net-security.org/secworld.php?id=18565

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:35