magento

19.04.2024 01:08
make-magento-faster (@make-magento-faster@www.sitepoint.com)

7 Easy Ways to Make a Magento 2 Website Faster — SitePoint

Is your Magento site running slowly? In this article, we cover seven practical tips for making a Magento 2 online store faster. #magento #Symfony

sitepoint.com/make-magento-fas






16.04.2024 10:22
chandrasekhar121 (@chandrasekhar121@mastodon.social)

Meet Webkul, a leading Magento development company. With years of experience and a team of certified professionals, we specialize in providing customized eCommerce solutions tailored to your specific business requirements.

webkul.com/magento-development






15.04.2024 16:00
wpWax (@wpWax@mastodon.social)

Thinking about an online store? WooCommerce vs Magento: We break down the pros & cons to help you decide!

wpwax.com/woocommerce-vs-magen






12.04.2024 17:00
simsus (@simsus@social.tchncs.de)

#Patchday #Adobe: Malicious-code attacks on Experience Manager & Co. possible | Security heise.de/news/Patchday-Adobe-S #AdobeCommerce #Commerce #AdobeMagento #Magento






10.04.2024 20:02
techbot (@techbot@social.raytec.co)

Persistent Magento backdoor hidden in XML

Attackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware. The attackers combine the Magento layout parser with the beberlei/assert package to execute system commands, adding a backdoor to the CMS controller. This leads to a remote code execution backdoor which can be used to inject a fake Stripe payment skimmer.

Pulse ID: 6616d15907e0bbe3c1572c4c
Pulse Link: otx.alienvault.com/pulse/6616d
Pulse Author: AlienVault
Created: 2024-04-10 17:50:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Magento #Malware #OTX #OpenThreatExchange #RemoteCodeExecution #Troll #bot #AlienVault






08.04.2024 16:02
redhotcyber (@redhotcyber@mastodon.bida.im)

Adobe Magento: a dangerous RCE threat for e-commerce sites

IT security specialists have warned that #hackers are already exploiting a new #vulnerability in #Magento (CVE-2024-20720) and using it to implement a persistent #backdoor on e-commerce sites.

#redhotcyber #online #it #web #ai #hacking #privacy #cybersecurity #cybercrime #intelligence #intelligenzaartificiale #informationsecurity #ethicalhacking #dataprotection #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #infosecurity

redhotcyber.com/post/adobe-mag






07.04.2024 18:27
bsscommerce (@bsscommerce@mastodon.social)

Magento 2 Cookie Compliance by BSS Commerce

In today's digital landscape, data privacy matters more than ever. Ensure your store is compliant with regulations and respects your customers' privacy effortlessly with our new extension.

Magento 2 Cookie Compliance extension by BSS Commerce! 🍪
bsscommerce.com/magento-2-cook







07.04.2024 14:08
rfwaveio (@rfwaveio@mstdn.ca)

Security researchers reveal hackers have been exploiting a vulnerability in Magento to steal payment data from e-commerce sites.

The hackers take advantage of the CVE-2024-20720 vulnerability to inject malicious code into the website, and execute code. The vulnerability was fixed as part of the Feb 13, 2024 updates.

Administrators are advised to patch ASAP, and to look for signs of compromise.

#cybersecurity #threatintel #Magento

thehackernews.com/2024/04/hack






07.04.2024 06:22
83r71n (@83r71n@ioc.exchange)

A critical vulnerability in Magento, identified as CVE-2024-20720, has been exploited by attackers to inject a persistent backdoor into Magento servers. This vulnerability allows attackers to insert malicious XML code into the layout_update database table, which is then executed every time a customer accesses the checkout cart. The execution of this malicious code relies on the combination of Magento's layout parser and the beberlei/assert package (lightweight PHP library designed for input validation in business models, libraries, and application low-level code), a component installed by default on Magento systems. The specific command executed, sed, is used to add a backdoor to the CMS controller, ensuring that the malware is re-injected even after manual fixes or system recompilations.

This attack method is particularly stealthy because it leverages the Magento layout system and a commonly installed package to secretly execute attacker-controlled commands. The attack is linked to the checkout page, meaning every time a customer visits their shopping cart, the malware triggers, reinfecting a vital system controller and ensuring its unwelcome return.

The attackers have also been found to siphon off sensitive customer payment details using a fake Stripe payment form, sending this stolen data off to a different compromised Magento store. This dual threat of persistent backdoor access and stolen payment data underscores the severity of the vulnerability.

sansec.io/research/magento-xml

#cybersecurity #magento #vulnerability #cve #persistent #backdoor #malware #sed #cms #xml #database #store #fake #form #stripe






06.04.2024 15:24
simontsui (@simontsui@infosec.exchange)

Why you should care about the exploitation of CVE-2024-20720:
A similar Adobe Commerce and Magento Open Source vulnerability CVE-2022-24086 (9.8 critical, disclosed 13 February 2024 by Adobe as a zero-day; improper input validation) was "exploited in the wild in very limited attacks targeting Adobe Commerce merchants." CVE-2022-24086 was added to CISA's KEV Catalog on 15 February 2024, so there is a strong possibility that they would consider CVE-2024-20720. 🔗 helpx.adobe.com/security/produ

#CVE_2024_20720 #Adobe #Commerce #Magento #eitw #activeexploitation #threatintel #IOC






05.04.2024 22:46
securityaffairs (@securityaffairs@infosec.exchange)

#Magento flaw exploited to deploy persistent #backdoor hidden in XML
securityaffairs.com/161534/hac
#securityaffairs #hacking #malware






05.04.2024 15:28
simontsui (@simontsui@infosec.exchange)

Sansec reports active exploitation of CVE-2024-20720 (9.1 critical, disclosed 13 February 2024 by Adobe; Adobe Commerce/Magento Open Source OS command injection) to inject a fake Stripe payment skimmer, which would copy payment data to a compromised Magento store. IOC provided. 🔗 sansec.io/research/magento-xml

#CVE_2024_20720 #Adobe #Commerce #Magento #eitw #threatintel #activeexploitation #IOC



