Foregenix Blog

Benjamin Hosack

Magento Websites - Have You Patched SUPEE-8788 Yet?

web security, Magento

04/11/16 14:28

Last month Magento released SUPEE-8788 to fix a number of security issues – you can read about SUPEE-8788 in detail here.  A LOT of websites have not yet patched and are at risk of being hacked.

What is a Patch?

A patch is a minor software update released by software vendors to address functional or security issues in the older version of software. As can be seen with SUPEE-8788, the details of the issues addressed are listed by Magento so that admins can understand what is being addressed with the patch.

Why is Patching Important?

Patches are released specifically to address issues in the software. When those issues are security issues, applying the patch is very important to protect your online business from being exploited through the security vulnerabilities published with the patch.

As digital forensic investigators, we assist a considerable number of websites that have been hacked and lost highly valuable information, including:

  • Client personal data
  • Payment Card Data

In a large proportion of cases, the website could easily have avoided being hacked simply by keeping its patches up to date.

WebScan Statistics

Our latest WebScan statistics show the following:

  • 79% of the websites are At Risk, using out-of-date software and specifically missing key security patches.
  • 23% are confirmed hacked and have credit card harvesting malware on their websites.
  • Only 20% have up-to-date software.

While patching does not prevent all hacks from occurring, it certainly ensures that your software is as secure as the vendors can make it.

If you’re unsure of your website’s current security status, please go ahead and check your site on WebScan.

