The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to execute arbitrary code.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to...
A week in security (August 19 – August 25)
Last week on Malwarebytes Labs: Millennials’ sense of privacy uniquely tested in romantic relationships; Hacked GPS tracker reveals location data of customers; "We will hold them accountable": General Motors sued for selling customer driving data to third parties; Why you need to know about ransomwa...
Cybercrime Rapper Sues Bank over Fraud Investigation
A partial selfie posted by Punchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev...
The vulnerability of software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the insufficient protection of sensitive data. This allows attackers to gain unauthorized access to protected information or cause service failures.
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause...
CVE-2023-41241 WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions...
Diafan CMS Cross-Site Scripting Vulnerability
Diafan CMS is a website builder from Diafan. It is used to create online stores. A cross-site scripting vulnerability exists in Diafan CMS v6.0, which originates from the lack of effective filtering and escaping of user-supplied data in the catid parameter of /shop/?module=shop&action=search, whi...
The vulnerability of the software platform for developing and managing online stores Magento Commerce arises from insufficient validation of input data. This allows attackers to circumvent existing security restrictions.
The vulnerability of the Magento Commerce software platform for developing and managing online stores exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of access control mechanisms. This allows attackers to circumvent existing security restrictions.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
A week in security (February 13 - 19)
Last week on Malwarebytes Labs: What is AI good at and what the heck is it, actually, with Josh Saxe: Lock and Code S04E04; Malwarebytes recognized as endpoint security leader by G2; CISA issues alert with South Korean government about DPRK's ransomware antics; Jailbreaking ChatGPT and other large...
PrestaShop warns of vulnerability: Update your stores now!
A vulnerability affecting open source e-commerce platform PrestaShop could spell trouble for servers running PrestaShop websites. The 15-year-old organisation's platform is currently used by around 300,000 shops worldwide. The exploit is very dependent on specific versions in use, so one PrestaSho...
Hackers Exploit PrestaShop Zero-Day to Steal Payment Data from Online Stores
Malicious actors are exploiting a previously unknown security flaw in the open source PrestaShop e-commerce platform to inject malicious skimmer code designed to swipe sensitive information. "Attackers have found a way to use a security vulnerability to carry out arbitrary code execution in serve...
The vulnerability of the software platform for developing and managing online stores Magento Commerce arises from insufficient validation of input data. This allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores exists due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of the Magento Commerce software platform for developing and managing online stores stems from improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Magento Commerce software platform for developing and managing online stores relates to access control errors, which allow unauthorized users to gain unauthorized access to protected data.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to lack of access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected data...
The vulnerability of the Magento Commerce software platform for developing and managing online stores, related to authentication errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Magento Commerce development and management software platform is related to authentication errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Magento Commerce software platform for developing and managing online stores, related to cross-site scripting, allows attackers to access confidential information.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to cross-site scripting. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information...
The vulnerability of the Magento Commerce software platform for developing and managing online stores lies in the lack of restrictions on file uploads, which allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software platform for developing and managing online stores is related to the lack of restrictions on file uploads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Magecart hackers launched largest ever attack against Magento stores
By Waqas. Around 1,904 individual online stores were hacked due to the outdated Magento 1 platform. Here's what happened. This is a post from HackRead.com.
Tuesday’s Magento 1 EOL Leaves Clock Ticking on 100K Online Stores
With Magento 1 reaching end-of-life (EOL) on Tuesday, Adobe is making a last-ditch effort to urge the 100,000 online stores still running the outdated version to migrate to Magento 2. Magento is a popular, Adobe-owned open-source e-commerce platform that powers many online shops. After June 30...
e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata
In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file...