Foregenix Blog

New JavaScript Malware Targeting Stripe.js on Magento Websites - Ajax Harvester

Posted by Mike Hinton on 04/04/17 07:53

The Foregenix DFIR team has discovered what is believed to be a unreported piece of malware which has recently been used to target insecure eCommerce websites processing through Stripe, running on the Magento framework.

Read More

Topics: web security, Magento, malware, JavaScript

Alert: New PHP Webshell Identified

Posted by Benjamin Hosack on 03/03/17 11:50

A new piece of malware has been identified by the Foregenix DFIR team.  The malware is a PHP webshell - a script, which when installed on a compromised system, presents a sophisticated administration platform allowing the attacker to browse the filesystem of the compromised server, upload, create, edit, download or delete files or stop running processes.

Read More

Topics: web security, Magento

Magento Security Tips - what can you do to protect your website?

Posted by Mike Hinton on 23/02/17 15:39

The eCommerce sector has seen significant year-on-year growth over the last 5 years. With that growth, the world's most popular eCommerce platform, Magento, has seen seen rapid growth too (currently 26% marketshare globally).

With popularity comes a downside - Magento websites are increasingly becoming the target of attacks by criminals .

Over 60% of breached eCommerce websites assisted by our team in 2016 were Magento-based websites.

Read More

Topics: web security, Magento, malware

Magento Malicious JavaScript in Action

Posted by Benjamin Hosack on 08/11/16 14:48

Magento websites have been under attack from a new malicious JavaScript family of malware - our forensic team has been working with many hacked websites to help them regain control of their online businesses and to limit losses.

Read More

Topics: web security, Magento, malware, JavaScript

Magento Websites - Have You Patched SUPEE-8788 Yet?

Posted by Benjamin Hosack on 04/11/16 14:28

Last month Magento released SUPEE-8788 to fix a number of security issues – you can read about SUPEE-8788 in detail here.  A LOT of websites have not yet patched and are at risk of being hacked.

Read More

Topics: web security, Magento

Alert: Magento "Cloud Harvester" Malware Targeting Insecure Websites

Posted by Minaxi Parmar on 04/08/16 09:00

Magento websites are under attack from a new credit card harvesting technique designed to evade detection while harvesting payment card data from major payment processor iframes - a new malware called Magento Cloud Harvester.

Read More

Topics: web security, Magento

Mico Digital signs as a FGX-Web Partner

Posted by Kirsty Trainer on 17/12/15 17:25

Foregenix welcomes Mico Digital as an official partner of its FGX-Web product. Mico Digital now offer FGX-Web to protect their clients' eCommerce websites from increasing threats, attacks and data breaches.

Read More

Topics: web security, Magento

Magento Malware Alert: Malicious Client Side Javascript

Posted by Kirsty Trainer on 02/12/15 16:55

Much has been made of the Magento Shoplift vulnerability and we have certainly seen a notable uplift in Magento related investigations on the back of it. A trend that we have observed involves a variation to the Shoplift attacks, designed to steal payment card data from outsourced payment models - such as iframes as provided by all major payment processors.

Read More

Topics: Forensics and Incident Response, web security, Magento

Magento Malware: Credit Card Hijack – Malicious Javascript Alert

Posted by Benjamin Hosack on 23/11/15 16:39

Our forensic team have just wrapped up a forensic investigation on an e-commerce business that has had a considerable number of customer data stolen – including credit card data. This latest Magento malware attack involved a malicious Javascript – recently announced by Magento on the 16th November 2015.

Read More

Topics: Forensics and Incident Response, web security, Magento

New Magento Patch: SUPEE-6788

Posted by Kirsty Trainer on 10/11/15 10:54

Magento Update: Magento has announced a new patch available for Magento Community versions older than 1.9.2.2 and Magento Enterprise versions older than 1.14.2.2.

Read More

Topics: Forensics and Incident Response, web security, Magento