SISA’s Post

WooCommerce Payments plugin versions 4.8.0 to 5.6.1, installed on over 600,000 sites, are being targeted by large-scale attacks due to a vulnerability (CVE-2023-28121). Attackers exploit the flaw to execute malicious code and take over susceptible sites. In parallel, Adobe ColdFusion flaws (CVE-2023-29298 and CVE-2023-38203) are being exploited to deploy web shells, urging users to update to the latest version for security against potential threats. https://lnkd.in/dhugSvwv

Have you checked in on your #Magento site's security lately? 🔒 If you haven't — or if you need a best practices refresher — we're here to help. Read our blog linked below — and if you have questions, comment "SECURE" on this post and our team will be in touch! 🤝 https://lnkd.in/eFJVn6xN #ecommerce #ecommercewebsite #ecommerceagency #ecommercesuccess #magento2 #websitesecurity #sitesecurity #security #shapingecommerce #blog

https://lnkd.in/eJJPrwg2 A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. #cybernews #cybersecurity #informationsecurity #cyberawareness #akamai #waf

It's time to give your business website a security check up! Find some useful tips to harden your security for 2024, and protect against hackers. Need help? Send me a message, we will take a look for free. https://lnkd.in/gU677PUW #wordpress #websitesecurity #wordpressplugins #digitalmarketing #smallbusinessmarketing #smallbusinessowner #2024 #websitedesign

🌟 Urgent Security Update Released for Adobe Commerce and Magento Open Source: APSB24-18 🌟 The security update, identified as APSB24-18, was released on April 9, 2024. It addresses critical vulnerabilities present in Adobe Commerce and Magento Open Source. These vulnerabilities, if exploited, could lead to arbitrary code execution. To learn more, read our full blog post → https://loom.ly/-cNlMqE. #eCommerce #Magento #AdobeCommerce #MagentoOpenSource #SecurityUpdate #OnlineBusiness #Security #Performance #Enhancements #MagentoAgency #MagentoPartner

🛑 Stay Alert #WooCommerce users! A critical vulnerability is being exploited by #hackers to take over your sites. Update your plugins ASAP or let our techs do it https://lnkd.in/edapNDdk https://lnkd.in/dE9iUFer #cybersecurity #woo-commerce #wordpress

🚨 ATTENTION WORDPRESS WEBSTORE OWNERS 🚨 URGENT: Cybercriminals are exploiting a critical security flaw in WooCommerce Payments plugin! 😱 CVE-2023-28121 allows attackers to impersonate users, including admins, leading to potential site takeover. 600,000 sites are vulnerable! Update to the latest version ASAP! 🛡️ Also, watch out for Adobe ColdFusion flaws (CVE-2023-29298 & CVE-2023-38203). Update ColdFusion now to stay safe! 🔒 #WordPress #WooCommerce #CyberSecurity #UpdateNow #StaySafe https://lnkd.in/dE9iUFer

This is a great reminder to periodically review your user accounts on not just your website but all your applications and accounts. #msp #Denvermsp #cybersecurity #EnvisionITPartners

https://lnkd.in/d7nqwuK8 New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. "In this campaign, all the victim websites we detected were directly exploited, as the malicious code snippet was injected into one of their first-party resources," Akamai security researcher Roman Lvovsky said in a Monday analysis. This involves inserting the code directly into the HTML pages or within one of the first-party scripts that were loaded as part of the website. The attacks are realized through a multi-stage chain, in which the loader code retrieves the main payload during runtime in order to capture the sensitive information entered by visitors on checkout pages and exfiltrate it to a remote server. "The purpose of separating the attack into three parts is to conceal the attack in a way that makes it more challenging to detect," Lvovsky explained. "This makes the attack more discreet and more difficult to detect by security services and external scanning tools that might be in place on the targeted website." Cybersecurity #news and Learning, Security Awareness, Cyber Security Basics, Cybersecurity #Vulnerabilities, Cyber Security Attacks and #CyberSecurity #Breaches, IT Security Training, Security Best Practices, Latest Trends, Latest Cyber News, Security #Threathunting, Security #Threat #Intelligence https://lnkd.in/eqpPwT6R This group is for Cyber Security Latest Trends, Latest Cyber Attacks, Cyber Security Vulnerabilities, Cyber Security Breaches, IT Security Training, Security Advisory and Best Practices... All Cyber Security Trainees, IT Security Aspirants, IT Security Experts, IT Engineers, IT Consultants, etc... all are welcome to Join... Regards, Ahsan Khan & Cyber Security News and Learning Updated...Team https://lnkd.in/eqpPwT6R #cybersecurity #cyberattack #informationsecurityawareness #securityawarenesstraining #cybersec #cybersecurityawareness #learning #cybersecuritynews #cybersecuritytips #hackernews #securitybestpractices #threatdetection #mittre #blueteam #databreach #dataprivacy #ransomware #soar #ttp #threatintel #computersecurityincidentresponse #ioc #c2 #phish #IT #Threatreport #redteam #pentest

Strengthen your WooCommerce fortress! Discover "12 Essential Security Tips for WooCommerce Stores" to safeguard against online threats. From robust passwords to secure hosting, fortify your online store with expert insights.💻🛡️🔒 https://lnkd.in/eY6jE6cS #WooCommerceSecurity #eCommerceSafetyTips #WooCommerce #WordPress    #SaffireTech