Two hacking groups responsible for huge spike in hacked Magento 2.x stores

Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security.

This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March to April, and again from April to May.

At the heart of these spikes in hacked sites is “PRODSECBUG-2198,” which is the codename of a security flaw in the Magento 2.x content management system (CMS), the most popular CMS for building self-hosted online shops.

The vulnerability is an SQL injection flaw in the Magento CMS that can be exploited by remote, unauthenticated attackers to take over unpatched, vulnerable sites.

Read more…
Source: ZDNet