Foregenix Blog

Benjamin Hosack

Magento Websites - Have You Patched SUPEE-8788 Yet?

web security, Magento

04/11/16 14:28

Last month Magento released SUPEE-8788 to fix a number of security issues; Magento has published the details of the patch. A LOT of websites have not yet patched and are at risk of being hacked.

What is a Patch?

A patch is a minor software update released by software vendors to address functional or security issues in the older version of software. As can be seen with SUPEE-8788, the details of the issues addressed are listed by Magento so that admins can understand what is being addressed with the patch.

Why is Patching Important?

Patches are released to specifically address issues in the software – and when those issues are security issues, the patch is very important in order to effectively protect your online business from being exploited through the security vulnerabilities published with the patch.

As digital forensic investigators, we assist a considerable number of websites that have been hacked and lost highly valuable information, including:

  • Client personal data
  • Payment Card Data

In a large proportion of cases, the website could easily have avoided being hacked simply by keeping its patches up to date.

WebScan Statistics

Our latest WebScan statistics show the following:

  • 79% of the websites are At Risk because they use out-of-date software, specifically missing key security patches.
  • 23% are confirmed hacked and have credit card harvesting malware on their websites.
  • Only 20% have up to date software.

While patching does not prevent all hacks from occurring, it certainly ensures that your software is as secure as the vendors can make it.

If you’re unsure of your website’s current security status, please go ahead and check your site on WebScan.
