Serious Magento bug will likely be exploited in the wild by card skimmers

Serious Magento bug will likely be exploited in the wild by card skimmers

Enlarge (credit: Mighty Travels / Flickr)

said Thursday that company researchers reverse-engineered an official patch released Tuesday and successfully created a working proof of concept exploit.

Over the past six months, a raft of competing crime gangs has been racing to infect commerce sites with JavaScript that surreptitiously steals purchasers’ credit card data. The compromises are the result of exploits against either known or zeroday vulnerabilities. A vulnerability of this severity in an e-commerce platform that boasts 300,000 businesses and merchants is almost certainly going to face in-the-wild attacks by the same card-skimmer gangs.

Read 7 remaining paragraphs | Comments