Magento Security Posts

Introducing Magento Security Scan Tool: New Way to Enhance the Magento Store Security

The Magento team has recently introduced the Magento Security Scan Tool, designed to check Magento stores for potential vulnerabilities as well as for conformance to the Magento security best practices.


In this article, we will briefly review this new tool and describe how online merchants can use it in their work.

Magento Security Best Practices

Any web store can become a target for hackers, who might attempt to steal personal or payment information from the site to make fraudulent transactions. We have already discussed these issues and ways to prevent them in our article about protection against illegitimate customer payments in Magento 2.

Magento has its own approach to the security of a web store that includes several time-proven practices covering the main possible vulnerabilities.

Follow Up Email Security Patch

Because we take the safety of our products seriously, Aheadworks is releasing one more security patch for our Follow Up Email extension for Magento 1 stores.

Further tests showed that the extension contains additional potential vulnerabilities that could give cyber criminals access to the Magento file system. In the affected versions of the extension (3.5.8 and above), attackers were likely able to create and read files through the discovered controller vulnerability.

Security Issue: Follow Up Email Vulnerability

Because of the security issue found, we strongly recommend that our Magento 1 customers update the Follow Up Email extension to the latest secure version.


Recently, Aheadworks discovered a potential security vulnerability in its Follow Up Email extension for Magento 1 stores. The vulnerability relates to possible SQL injection and unauthorized access to Magento databases.

This issue was discovered in a narrow range of Follow Up Email versions, from 3.5.11 to 3.6.5, so you do not need to update the module if you have another version of the extension installed.

We strongly advise current Follow Up Email customers with the affected versions to update the module to version 3.6.6 from their personal accounts or download the patch.

If you have any questions regarding the above security issue, please contact our support team.


New JavaScript Malware Issue: Make Sure Your Store is Secured

Recently, Magento notified its users and partners about another security issue concerning sensitive payment information, in particular credit card credentials forwarded to external sites by fraudsters.


The good news is that this security issue is covered by the February 2015 Shoplift patch. Still, we ask you to scan your system and check it for any unknown files.

Safety Measures

The new JavaScript malware exploits your security weaknesses and forwards customers’ credit card information from checkout pages to external sites. Intruders likely use Admin or database access, so please:

Please make sure that your Magento store is secured and safe for your customers. More information about this malicious code is available on Magento Security Center.