Nov 17 |
Posted by Lee Blakely on 17 November 2015 10:45 AM
|
Magento Commerce has received reports of a JavaScript malware exploit that forwards credit card information from checkout pages to an external site. Attacks are likely using Admin or database access to implement the exploit. It appears most impacted sites have not implemented the February 2015 Shoplift patch , or the patch was implemented after the site was already compromised. Attackers can also gain Admin access due to weak passwords, phishing, and other unpatched vulnerabilities. More information about this malicious code is available on the Magento Security Center . All merchants should take this opportunity to make sure that their sites are secure. We recommend that you:
If you need assistance with your store then please contact Reliable Penguin at support@reliablepenguin.com or 866-649-7984. | |