Almost 100 000 Web pages for e-commerce sites that are based on the open source OS Commerce software in accordance with security firm Armorize have been undermined with malware by means of a mass iFrame injection attack.
Chief technology officer at Armorize Wayne Huang, said that the ongoing mass-injection attacks seems to be carried out against the e-commerce sites. The successfully attacked sites are compromised with malware that is then utilized to try and attack visitors to those e-commerce sites.
Huang also adds that while attacks across the Web are not unusual, this one is notable as it is a mass-injection type of attack which is remindful of attacks that were implemented about 3 years ago very frequently but today are not so common.
Within the open-source software, the attackers can be leveraging a known vulnerability as Huang says, adding that attackers aim at lurking and watching for any information which is shared with public about newly detected vulnerabilities in software. He also notes that open source OS Commerce is a famous foundation for an e-commerce site that is rendered a different “look and feel” through diverse templates which are typically sold. Huang observes that some of the customization it provides can be hard to upgrade as it is sometimes “hardcoded”.
The OS Commerce open source group, according to its website, counts 249. 500 owners of store as deploying its Online Merchant software, that is available for free under the GNU General Public License. To the question emailed to OS Commerce there was no immediate response.
- .NET Development
- Banking & Finance
- Communities & Social networks
- Custom App Development
- Development process
- Digital Marketing
- Drupal Development
- E-commerce & Retail
- IT Blog
- IT News
- IT Outsourcing
- Java Development
- Media & Entertainment
- Medicine & Healthcare
- Product engineering
- Project & Resources planning
- QArea inside
- Software Testing
- Start-up Development
- Technology & Innovation
- Travel & Hospitality
- Useful Tips
- Web Design
Best Frontend Programming Languages to Create Beautiful and Fast InterfacesRead more
Capability Maturity Model Integration – QArea's big journeyRead more
QArea is a Unique Services Provider in 2019 CEE AwardsRead more
Ultimate Development Trends in 2018 to Reward Your Business in 2019Read more
Why You Should Write Your Next Microservice Using GolangRead more
7 Reasons to Truly Love MicroservicesRead more
The Best Languages for MicroservicesRead more
QArea's Year: Summing Up 2018Read more