Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Magento is a popular e-commerce platform, used by nearly 74,000 web sites in North America alone. And according to new research, 79% of them are at heightened risk from cyber criminals.
Researchers at Foregenix analyzed more than 170,000 Magento websites and found that 90% of those using Magento 1 are at this heightened risk, while roughly 30% of those with Magento 2 are at the elevated risk level.
The heightened risk comes from unpatched vulnerabilities, including 2.3% of all the Magento websites that have not yet patched for Magento Shoplift, a vulnerability that was disclosed (and a patch made available for) in January of 2015. Foregenix delivered the results of their research in October at the Payment Card Industry Security Standards Council European Community Meeting in London.
Andrew Henwood, Foregenix’s CEO, said in a prepared statement, "While the figures for North America are of great concern, they are roughly in line with our findings for many other regions such as Europe." Later in the statement, he pointed out that regular patching, changing default settings on administration interfaces, and using stronger passwords with multi-factor authentication can dramatically reduce the exposure of online e-commerce platforms and applications.
For more, read here.
Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024