Researchers found that a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to cross-site scripting (XSS), SQL injection and file manipulation flaws.
Tag Archives: ecommerce
Magento Update Addresses XSS, CSRF Vulnerabilities
Magento patched 20 flaws last week, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
‘Tis the Season to Shop Online
The holiday season is coming up and we expect that many will opt to shop online to avoid the big crowds in city centers, malls and stores.
In America, Cyber Monday, the cyber version of shopping day Black Friday, was born in the mid-2000s. Cyber Monday sales have steadily increased since its inception, and according to IBM Digital Analytics, sales grew 8.5% in 2014. According to ComScore, purchases are now also being made from smartphones, with overall spending from mobile devices in the millions.
Americans aren’t the only ones who have embraced Cyber Monday; many other retailers around the world have come together to offer deals on the Monday after U.S. Thanksgiving, and in China, Singles’ Day (November 11th) has become a major ecommerce day, with 27,000 online merchants participating in 2014.
This is not only an exciting time for online retailers and online shoppers but also for cyber criminals. I spoke with our senior malware analyst, Jaromír Hořejší, about how cybercriminals are preparing for Cyber Monday:
Cybercriminals will use the same tactics they always do, but target consumers more during Black Friday with “special” offers via fake email campaigns to trick people into shopping on fraudulent sites to steal their information and money.
It is, therefore, vital you have antivirus installed on all of your devices. Antivirus software, like Avast, will detect and block phishing attacks before they can affect consumers.
Consumers should also make sure all of the software on their devices is up-to-date. Attackers often exploit vulnerabilities, which can be found in outdated software, and by exploiting outdated software they can infect your device and then steal your financial information while you shop online.
In addition, consumers should shop at online stores that are known and credible. Credible sites usually use the HTTPS protocol, assuring secure communication. You can recognize if a site is using the HTTPS protocol by the little padlock in the address bar of your browser. If you are on a checkout page and you don’t see the HTTPS padlock, do not enter your personal data and financial information!
How to minimize risks while shopping online
- Use a payment service or your credit card – Experts agree that payment services like PayPal are safe because of their security practices and the encryption technology they use. Link it to a credit card so you get your credit card’s fraud protections in addition to PayPal’s. If you only use a credit card, designate one card for online purchases so if something unusual happens, you don’t have to track down all your other cards.
- Keep a paper trail – Once you place your order, print or save records of the transaction. Check your credit card statement to make sure transactions match and there were no unauthorized charges.
- Avoid shopping while using public Wi-Fi – Unsecured public Wi-Fi hotspots do not give you any protection from hackers who want to monitor what you are doing online. It’s not difficult for someone to intercept and modify communications between you and another site. If you have to do it, then use a Virtual Private Network (VPN) so your communications will be encrypted.
- Use a secure browser – The new premium versions of Avast 2016 include SafeZone browser, which isolates banking and payment sites in a protected space, so users have an extra secure place to bank and pay bills online.
How to shop online safely during the summer sales
The summer sales are upon us and there are plenty of good deals to be had online, but internet shopping is not without its dangers.
The post How to shop online safely during the summer sales appeared first on We Live Security.
Trio of Vulnerabilities Patched in Magento Web App
A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.
WordPress: Compromised Sites Leaking User Credentials
Only recently there were several reports of WordPress plugins and themes with vulnerabilities: last week’s XSS vulnerability, multiple ones in the eCommerce shopping cart plugin TheCartPress, and a zero-day exploit in WordPress 4.2.1.
This week it seems like there is yet another one. According to researchers at Zscaler, there are a couple of compromised WordPress pages out there that are all leaking credentials. “The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain ‘conyouse.com’ which is collecting all the credentials from these compromised sites”, the page reads.
They conclude that WordPress, as one of the most popular Content Management Systems and blogging platforms, remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.
If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.
The post WordPress: Compromised Sites Leaking User Credentials appeared first on Avira Blog.