
Managing Insecure Magento Extensions
MEDIA AND ENTERTAINMENT INDUSTRY

Insecure third-party extensions for the Magento e-commerce platform have been identified as the main source of Magento hacks over the last three months, affecting several thousand stores. Threat actors exploit known vulnerabilities in outdated extensions to take over Magento sites for malicious activities such as skimming payment card details. The attackers then download all other extensions installed on the hacked website to look for more security flaws in the extension base. When a flaw is identified, they launch a global scan to find sites using the same vulnerable extension. Site owners who are unable to keep up with all the updates for their huge extension base can refer to the Magento insecure modules repository for patching vulnerable plugins.
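One way a site owner could automate that lookup is to compare an inventory of installed extensions against a list of known-insecure modules. This is an added example, not code from the original advisory or from the repository it mentions. The two-column list layout, the module names and the versions are all constructed for illustration.

```python
import csv
import io
import re

# Constructed sample list; the two-column layout is an assumption for this
# example, not the real repository's format.
INSECURE_CSV = """name,fixed_in
Acme_Checkout,1.4.2
Acme_Gallery,
Example_Importer,2.0.10
"""

# Constructed inventory of installed extensions: module name -> version.
INSTALLED = {"Acme_Checkout": "1.4.1", "Acme_Gallery": "3.0.0",
             "Example_Importer": "2.0.10", "Other_Module": "0.9"}

def parse_version(text):
    """'1.4.10' -> (1, 4, 10); a non-numeric or empty part counts as 0."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)

def is_older(installed, fixed_in):
    """Compare numerically, padding so that 1.4 equals 1.4.0."""
    a, b = parse_version(installed), parse_version(fixed_in)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def load_insecure(csv_text):
    """Map lower-cased module name -> fixed version, or None if no fix is listed."""
    return {row["name"].strip().lower(): (row["fixed_in"] or "").strip() or None
            for row in csv.DictReader(io.StringIO(csv_text))}

def audit(installed, insecure):
    """Return (module, installed version, action) for every flagged module."""
    findings = []
    for name, version in sorted(installed.items()):
        if name.lower() not in insecure:
            continue
        fixed_in = insecure[name.lower()]
        if fixed_in is None:
            findings.append((name, version, "no fixed release listed: remove or replace"))
        elif is_older(version, fixed_in):
            findings.append((name, version, f"upgrade to {fixed_in} or later"))
    return findings

if __name__ == "__main__":
    for finding in audit(INSTALLED, load_insecure(INSECURE_CSV)):
        print(*finding, sep="\t")
```

An installed version that cannot be parsed is treated as 0 and is therefore flagged, so a malformed inventory entry fails closed rather than hiding a vulnerable module.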

References:
[1] Bad Extensions Now Main Source of Magento Hacks: A Solution!

Ensign InfoSecurity Singapore