Vendors Actively Bypass Year-Old Magento Vulnerability: Security Patch Issues

The security patch for a year-old Magento vulnerability is being actively bypassed by vendors, new research shows. Magento is an open-source eCommerce platform widely used by merchants to build custom online stores. In April 2020, Magento released a security patch for a critical vulnerability (CVE-2020-3722) that allowed threat actors to remotely execute arbitrary code on stores running the platform.

The patch was intended to close the hole and protect merchants from attack. However, many vendors were found to be bypassing it, leaving their stores exposed, and security researchers report multiple attempts to get around the patch and exploit the platform. The researchers believe the vulnerability is more widespread than initially thought. Because it affects every store running the vulnerable Magento version, any failure to apply the patch leaves the merchant open to a range of attacks.

The research suggests that merchants need to be more vigilant about patching their Magento sites, or engage an external security firm to confirm that the patch is actually in place rather than assuming it is. Merchants should also enable two-factor authentication on the Magento admin panel; requiring an additional code from a trusted device limits what an attacker can do with stolen or guessed admin credentials. Two-factor authentication protects logins, though, not the vulnerable code path: it does not stop exploitation of a remote code execution flaw that needs no credentials, so it complements the patch rather than replacing it. Merchants should further keep the platform and its extensions up to date and confirm that every recent security patch has been applied.

Overall, merchants need to be aware of the risk posed by this Magento vulnerability and act swiftly; ignoring it can lead to serious data loss. With the patch verified and the additional measures above in place, merchants can keep their online stores reasonably safe from this threat.
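The advice to confirm that the patch is really in place is easier to act on with a concrete check. The Python script below is an added example, not code from the article or from the Magento project: it reads the installed Magento release from a composer.lock (a constructed sample is embedded) or from the output of `bin/magento --version`, normalises Magento's `-pN` security patch-level suffix so that versions compare correctly, and reports whether the install is at or above a minimum patched release. The minimum version `2.3.4-p2`, the package name used to identify the release line, and the CLI output format are assumptions for illustration; take the real cut-off from the vendor advisory for the CVE in question.

```python
import json
import re
from typing import Optional, Tuple

VersionKey = Tuple[Tuple[int, ...], int]

# Assumption for illustration: lowest release carrying the fix discussed
# in the article. Take the real cut-off from the vendor advisory.
MIN_PATCHED = "2.3.4-p2"

# Package whose version identifies the Magento release line in a
# Composer-based install (assumed name; adjust for the Commerce edition).
EDITION_PACKAGE = "magento/product-community-edition"

# Constructed sample composer.lock excerpt, not taken from a real store.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "magento/framework", "version": "102.0.4"},
        {"name": EDITION_PACKAGE, "version": "2.3.4-p1"},
    ],
    "packages-dev": [],
})

# A release is dot-separated digits with an optional "-pN" patch level.
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)+)(?:-p(\d+))?$")


def parse_magento_version(version: str) -> VersionKey:
    """Turn '2.3.4-p2' into ((2, 3, 4), 2); a release without -pN is level 0.

    Plain string comparison gets this wrong: '2.3.4-p10' sorts before
    '2.3.4-p2', and '2.3.4' sorts before '2.3.4-p0' although they are equal.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Magento version: {version!r}")
    release, patch = m.groups()
    return (tuple(int(n) for n in release.split(".")), int(patch or 0))


def is_patched(version: str, minimum: str = MIN_PATCHED) -> bool:
    """True when the installed release is at or above the first fixed one.

    Assumes every later release line (for example 2.4.x) also carries the fix.
    """
    return parse_magento_version(version) >= parse_magento_version(minimum)


def version_from_composer_lock(lock_text: str, package: str = EDITION_PACKAGE) -> Optional[str]:
    """Read the edition package version out of composer.lock JSON."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == package:
                return pkg.get("version")
    return None


def version_from_cli_output(output: str) -> Optional[str]:
    """Pull the version out of `bin/magento --version` output.

    Assumed output format: 'Magento CLI 2.4.6-p3'.
    """
    m = re.search(r"(\d+(?:\.\d+)+(?:-p\d+)?)", output)
    return m.group(1) if m else None


def check_store(lock_text: str, minimum: str = MIN_PATCHED) -> Tuple[Optional[str], bool]:
    """Return (installed version, patched?) for a composer.lock; unknown counts as unpatched."""
    version = version_from_composer_lock(lock_text)
    if version is None:
        return None, False
    return version, is_patched(version, minimum)


if __name__ == "__main__":
    installed, ok = check_store(SAMPLE_COMPOSER_LOCK)
    status = "at or above" if ok else "BELOW"
    print(f"installed {installed}: {status} minimum patched release {MIN_PATCHED}")
```

A version check is necessary but not sufficient: it says nothing about a store where a fix was applied as a standalone diff on top of an older release, and nothing about whether the store was already compromised before it was patched. Treat a result of "below minimum" as a finding to act on, and a result of "at or above" as one input among several.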

This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000


Cyber News related to Vendors Actively Bypass Year-Old Magento Vulnerability: Security Patch Issues

Check Point released hotfix for actively exploited VPN zero-day - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
New MOVEit Transfer critical bug is actively exploited - CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
4 months ago Securityaffairs.com
Omdia: Standalone Security Products Outsell Cybersecurity Platforms - In its many briefings with cybersecurity vendors, one of the most consistent themes Omdia hears is why enterprises need cybersecurity platforms. Instead, vendors claim, enterprises could get better outcomes if they give up their multitude of ...
11 months ago Darkreading.com
Cybersecurity considerations to have when shopping for holiday gifts - Another aspect of security that many shoppers don't consider this time of year is the security of the products they're buying, even through a legitimate online marketplace. This is a glaring issue with home security cameras and Wi-Fi-connected ...
11 months ago Blog.talosintelligence.com
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
4 months ago Heimdalsecurity.com
How to conduct security patch validation and verification - Validation and verification are important steps in the security patch management lifecycle. They help to determine the impact of a patch on the security and efficiency of an organization's IT assets. Patch validation is the process of examining newly ...
7 months ago Techtarget.com
A personal Year in Review to round out 2023 - As you've probably seen by now, Talos released our 2023 Year in Review report last week. It's an extremely comprehensive look at the top threats, attacker trends and malware families from the past year with never-before-seen Cisco Talos telemetry. ...
11 months ago Blog.talosintelligence.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
7 months ago Techtarget.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 month ago Helpnetsecurity.com
Embracing Security as Code - Everything is smooth until it isn't because we traditionally tend to handle the security stuff at the end of the development lifecycle, which adds cost and time to fix those discovered security issues and causes delays. Over the years, software ...
10 months ago Feeds.dzone.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
9 months ago Esecurityplanet.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584 PrimaryVendor - ...
8 months ago Cisa.gov
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
9 months ago Securityzap.com
Exploring the SIEM Environment Identifying and Overcoming Vendor Tricks - Are you fed up with the never-ending games and deceptive tactics used by security information and event management vendors? It's time to take control and make informed decisions. That's why we have decided to launch a series of blog posts to help ...
1 year ago Exabeam.com
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
9 months ago Bleepingcomputer.com
Konica Minolta Wins Two Platinum 'ASTORS' Homeland Security Awards - Now in its ninth year, it continues to recognize industry leaders in physical and border security, cybersecurity, emergency preparedness management and response, law enforcement, first responders, and federal, state, and municipal government ...
8 months ago Americansecuritytoday.com
Rugged Laptops: What Defense and First Responders Should Look For - Guest Editorial by Mike McMahon, President, Getac North America With law enforcement and first response data being targeted by bad actors and the growing threat of cyberspace being used as a theater of war, the rugged laptops used in the defense of ...
9 months ago Americansecuritytoday.com
Cloud-ready and Channel-first - For over 30 years, we've worked hand in hand with the channel to make the digital world a safer place. So we're delighted to receive more recognition of the value we're adding for partners and customers with the release of the latest CRN Cloud 100 ...
1 year ago Trendmicro.com
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
11 months ago Microsoft.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111 PrimaryVendor - Product linux - linux Description In the ...
8 months ago Cisa.gov
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
11 months ago Cisa.gov
Delve Risk and ThreatNG Security join forces to boost client decisions through advanced intelligence - Delve Risk and ThreatNG Security has unveiled a transformative partnership aimed at delivering intelligence solutions for security vendors. The collaboration between Delve Risk and ThreatNG Security represents a strategic alliance aimed at ...
11 months ago Helpnetsecurity.com
UEFI exploit 'worse than BlackLotus' pwns PCs using images The Register - Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could ...
11 months ago Go.theregister.com