Quote:Online retailers, particularly those still using the Magento 1 e-commerce platform, need to take action fast to update their security posture, according to Sonassi, which hosts Magento.
Magento 1 officially reached its end-of-life at the end of June and is therefore no longer supported by security patches.
Last week it was revealed that around 2000 e-commerce stores running the Magento 1 software were targeted by Magecart attacks over the previous weekend in the largest recorded campaign of its kind. It is estimated that tens of thousands of customers unwittingly had their payment details stolen as a result of the attacks.
Sansec’s Threat Research Team, which revealed the attacks, suggested that attackers may have found a new way to compromise their servers — potentially exploiting a zero-day in Magento 1 that was advertised online. It warned that if this is the case, 95,000 stores could also be exposed to the exploit, as they are running Magento 1.
James Allen-Lewis, development director at Sonassi, commented: “Unfortunately, this incident should not come as a surprise. As far back as last year, warnings had been issued about the likelihood of attacks on Magento 1 stores, and as the deadline to end-of-life grew closer, these warnings have gotten louder. While cyber-threats do exist on Magento 2, those remaining on Magento 1 are no longer supported with security patches, and therefore a prime target for hackers.”
Read more: https://www.infosecurity-magazine.com/ne...-security/
![[-]](https://www.geeks.fyi/images/collapse.png)
