Magento 2 Security Posts

Magento Security Patch SUPEE-11219 Released

In October 2019, Magento Inc. released SUPEE-11219, a new security patch to protect the latest versions of the Magento eCommerce platform.

Although there have been no known attacks against the issues in question, the Magento team responds promptly to your suggestions and findings, and continuously tests and tracks the performance of the platform to ensure a vulnerability-free environment for any ecommerce business with far-reaching ambitions. The SUPEE-11219 security patch addresses, among others, remote code execution (RCE), cross-site scripting (XSS) and cross-site request forgery (CSRF) issues. Protection against these has been noticeably enhanced in Magento Commerce 1.14.4.3 and Open Source 1.9.4.3. Alternatively, you may opt for the patch and install it on your current version of the platform.

More on recent security enhancements

Information on all the changes in 1.14.4.3 and 1.9.4.3 releases is available in the following release notes:

Choose one of the following options for your Magento version to ensure steadfast performance of your store:

  • Magento Commerce 1.9.0.0-1.14.4.1: install SUPEE-11219 or upgrade to Magento Commerce 1.14.4.3
  • Magento Open Source 1.5.0.0-1.9.4.1: install SUPEE-11219 or upgrade to Magento Open Source 1.9.4.3

A word of notice for Magento 2.1.x users

The Magento 2.2.10 software release marks the final supported software release for Magento version 2.1.x. As of June 30, 2019, Magento 2.1.x will no longer receive security updates or product quality fixes now that its support window has expired.

Unboxing SUPEE-11219

Magento Security Patch SUPEE-11155 Released

Magento Inc. announces a new patch to eliminate a number of acute errors and vulnerabilities in cross-site operations. SUPEE-11155 stands guard over your Magento store.

Supee Patch 11155 for Magento

Magento has always kept a sharp eye on the security and performance issues of the platform. The team guarantees the safest environment for any ecommerce business with far-reaching ambitions. The timely and powerful security patch SUPEE-11155 shows Magento maintenance services at their best. The patch contains multiple security enhancements which help close remote code execution, cross-site scripting, cross-site request forgery and other vulnerabilities.

Choose one of the following options today for your Magento version to ensure steadfast performance of your store:

  • Magento Commerce 1.9.0.0-1.14.4.1: install SUPEE-11155 or upgrade to Magento Commerce 1.14.4.2
  • Magento Open Source 1.5.0.0-1.9.4.1: install SUPEE-11155 or upgrade to Magento Open Source 1.9.4.2

List of high CVSSv3 severity issues addressed by the present security patch:

Magento 2 Security

Securing transactions and sensitive data requires thorough and constant monitoring and upgrading from store owners.

As protection methods improve, hacking and fraud techniques advance to exactly the same degree, and their scale is sometimes staggering.

Global Cybercrime

Suffice it to say that among the major crimes committed on the internet in 2015 were the following cases (Source: Forbes.com):

  • Anthem Inc. – 80 million patient and employee records stolen, including birth dates, home and email addresses, Social Security IDs, etc.;
  • Ashley Madison – 37 million clientele records hacked and made public;
  • Office of Personnel Management – 21-25 million federal worker records, including unchangeable credentials like fingerprints;
  • Kaspersky Lab reported in their blog that they found evidence of spying on famous people, including participants in the international negotiations on Iran’s nuclear program.

In the digital world we currently live in, these are really dangerous and frightening cases affecting our wealth and privacy. Usually we deal with less impressive data volumes, of course, but that does not relieve us of the obligation to keep every record handed to us secure.

Although the above examples are not directly connected with ecommerce, this area suffers no less than other digital areas. According to Trustwave, 43% of all data breaches investigated in 2014 occurred in the ecommerce retail industry, and 23% in 2015. That was a great improvement, but e-commerce still remains the most attacked retail digital sphere worldwide.

Most often, victims are located in the US, UK, and Australia. The most desired targets for digital thieves are credit card data (POS environment), CNP (Card Not Present) transactions, proprietary information, financial credentials, etc.