Critical Security Bugs Compromise Users
Does your eCommerce run on Magento?
It’s time to think twice, as unpatched versions of Magento have a critical security flaw which can expose confidential payment information.
According to IT Pro Portal a security compromising bug was recently discovered on the platform, which allowed malicious users to steal sensitive information through eBay’s eCommerce interactions. The flaw was immediately exploited, with attacks leaving Magento customers at victim of having credit card details exposed. This particular security flaw allowed hackers to bypass all security protocol and enter the eBay database.
The wider consequences of a security breach such as this is that it poses a serious threat to all existing eCommerce stores on the Magento Platform. This means that the security of up to 200,000 sites was compromised.
Although Magento urged customers to install the latest update which acted as a fix for the bug, evidence displays hackers taking advantage of the breach by scanning through sites yet to be updated. This refers to roughly 60% of Magento sites which are unpatched, making it a funfair for hackers.
Similarly, Wordpress also reported a vulnerability surrounding a number of third party plugins. This is an example of how external plugins simply fall short in comparison to the Core dna fully integrated applications. Although Wordpress worked to patch the updates, it then becomes a matter of users manually installing the updates. This responsibility of security is placed squarely onto the shoulders of its users. They are recommended to patch, monitor, reduce plugin scope, detect and implement an in-depth defence such as their own Cloud Proxy’s. If failed to follow through this can prove fatal for a user’s website.
These are responsibilities which our developers professionally manage for our clients. The Core dna platform makes it increasingly difficult for hackers exploit flaws in the infrastructure, with developments, improvements and patches all rolled out to ensure maximum security. Dispatched via the Core Cloud, our developers simultaneously deploy the latest developments straight to your website reducing your overall threat risk.
Core Cloud Security Benefits:
1. No need to upgrade software or manage backend security infrastructure
2. Continuous integration and ongoing updates
3. Our advanced security systems include ongoing penetration testing and industry best practices
4. Integrated applications provide you with production ready products