- Self-Healing Magento Malware Attack
- 30 Handy Tricks to Secure your WordPress Website
- New Security Patch (SUPEE-9652), CE/EE 2.1.4 & 2.0.12 and EE 184.108.40.206, CE 220.127.116.11 Released
- 20 Tips To Make Your Magento Store More Secure
A new self-healing malware has been discovered by Dutch malware experts. This malware targets online stores running on the Magento platform. It starts execution whenever a user places a new order and can self-heal using code hidden in the website's database. Though this is not the first time a malware is hiding code in the database of the website, is certainly the First Magento malware that uses SQL stored procedures.
WordPress is the most popular and widely used Content Management System in the world. An endless amount of websites have been developed and will inevitably continue to be. The popularity of WordPress doesn’t show signs of slowing down, it is projected that the number of WordPress sites will continue to increase exponentially for many years to come, indefinitely. Due to the extreme popularity of WordPress, security is a major concern- its flexibility and the easy-to-tweak code will attract hackers to integrate glitches throughout its system.
Magento has recently released some product and security updates. These new versions provide a range of improvements, including a fix for the recently discovered Zend Framework 1 security vulnerability and quality updates to catalog, payments, and sales modules in Magento 2.
Magento is a widely used open source eCommerce software. A Magento store is also prone to be a target of malicious activities by malware and hackers. And when transacting online, using credit cards or other mode of payment, security is of utmost importance. Even though Magento gets patched for security reasons on a regular basis, below is the detailed list of best practices which can be applied on Magento to mitigate the vulnerabilities.
A new Magento vulnerability has been found in a Zend Framework 1 and 2 EMAIL COMPONENT. The component is used by all Magento 1 and Magento 2 software and other PHP solutions. This vulnerability is serious and can lead to a remote code execution attack if your server uses Sendmail as a mail transport agent.