Magento eCommerce PHP Remote Code Execution

Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in Magento on February 9th, 2015. The patch for the remote code execution vulnerability is available on the Magento site under Magento Downloads, patch SUPEE-5344. More technical information is available from Check Point.

This patch changes the following files for Community Edition:

app/code/core/Mage/Admin/Model/Observer.php
app/code/core/Mage/Core/Controller/Request/Http.php
app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
app/code/core/Mage/XmlConnect/Model/Observer.php
lib/Varien/Db/Adapter/Pdo/Mysql.php

Before applying […]

Magento owners at risk again from dangerous Malware

Check if your Magento is a victim, and think before going with a 3rd-party extension again. 19/02/2015: Following the threat to Magento platform owners in October 2014, an evolved and more sophisticated malware – Malware Phantom – has been discovered by security experts Foregenix that puts online businesses at risk from a new […]