Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Vulnerability discovery in e-commerce platform

Check Point : 22 April, 2015  (Technical Article)
Check Point discovers vulnerability affecting a popular web e-commerce platform used by online auction site
Vulnerability discovery in e-commerce platform

Check Point has announced that its Malware and Vulnerability Research Group recently discovered a critical RCE (remote code execution) vulnerability in eBay’s Magento web ecommerce platform, affecting nearly two hundred thousand online shops.

If exploited, the vulnerability gives the attacker the ability to fully compromise any online store based on the Magento platform, including credit card information and other customer financial and personal data. The vulnerability allows any attacker to bypass all security mechanisms and gain control of the store and its complete database, allowing credit card theft or any other administrative access into the system.

“As online shopping continues to overpower in-store shopping, ecommerce sites are increasingly targeted by hackers as they have become a gold mine for credit card information,” said Shahar Tal, Malware and Vulnerability Research Manager at Check Point Software Technologies. “The vulnerability we uncovered represents a significant threat not to just one store, but to all of the retail brands that use the Magento platform for their online stores – which represents about 30% of the ecommerce market.”

Check Point privately disclosed these vulnerabilities together with a list of suggested fixes to eBay prior to public disclosure. A patch to address the flaws was released on February 9, 2015 (SUPEE-5344 available here). Store owners and administrators are urged to apply the patch immediately.

Check Point’s Threat Intelligence & Research divisions regularly investigate attacks, vulnerabilities and breaches, and develop protections to secure Check Point’s customers.

Check Point customers are already protected from exploitation attempts of this vulnerability through the IPS software blade.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo