Friday, July 10, 04:46
Home security FBI: Error allowing hackers to attack Magento online stores!

FBI: Error allowing hackers to attack Magento online stores!

The FBI warns that hackers are exploiting a three-year-old bug, which is located in a Magento Plugin, aiming to take full control of online stores and then install a malicious script, which records and steals data from buyers' credit cards. This type of attack is widely known as “website skimming ”,“ e-skimming ”or“ Magecart ”, while the FBI has warned of a significant increase in such attacks in October last year.

Magento online stores

One was recently revealed campaign who exploits a mistake in Magmi. In particular, in this campaign, hackers take advantage of the error identified as CVE-2017-7391, a vulnerability in MAGMI (Magento Mass Import) - which is a plugin for online stores, which are based on Magento, as pointed out by FBI in an emergency security alert sent to the private sector earlier this month.

FBI hacker error

That said vulnerability is an error bundle between sites (XSS) that allows an intruder to insert a malicious code into the code HTML of an online store. The FBI also notes that many hackers have recently taken advantage of this vulnerability, with the ultimate goal of stealing. credentials environment from a Magento online store, which they use to take full control of targeted sites. They just get access to the targeted ones sites, place web shells for future access and then they start modifying the PHP files and JavaScript of the site with malicious code, which records the payment details entered in a store each time users make payments when purchasing new products. FBI also reports that credit card data recorded during user transactions, then encrypted in Base64 format, is hidden in the bits of a file. JPEG and are sent to server hackers, located at 89.32.251.136.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

Flutter UI Toolkit: Also available for Ubuntu distributions

Recently, the first (alpha) version of the Flutter UI toolkit was announced for Ubuntu-based operating systems. After...

The majority of companies are concerned about security in the public cloud!

Most companies are concerned about security in the public cloud. Specifically, a percentage of 70% admits that he has fallen victim ...

Joker Malware apps are redistributed through the Google Play Store

Security researchers have discovered another incident with Android malware that hides in applications and records unsuspecting ...

The U.S. military is taking new steps to stop hackers

The US military is also working to take advantage of cloud migration and at the same time ensure data security ...

Microsoft's new KDP technology eliminates malware

Microsoft today released the first technical details about a new security feature that will soon be part of Windows 10 ....

Evilnum hacking team linked to attacks on Fintech companies!

Evilnum malware has been detected in the area of ​​cyber security threats since 2018, with the APT team behind ...

Ford: Employees demand an end to the supply of police vehicles!

Ford officials have asked the company's management to stop building and selling police vehicles. The reason for ...

Conti ransomware uses 32 CPU challenges at the same time

A lesser-known ransomware executive known as Conti uses up to 32 simultaneous CPU threads to encrypt files on infected computers ...

Microsoft Office updates: Fix issues in Word and Skype

Microsoft released the non-security July updates for Microsoft Office, which include improvements and fixes ...

Google makes open source Tsunami Scanner

Google recently announced that it will open the Tsunami vulnerability Scanner, wanting to help large-scale businesses protect ...