News Commentary: Adobe ends support for Magento
July 2020 by Satnam Narang, Staff Research Engineer at Tenable
As of yesterday, Adobe ended support for its popular e-commerce platform, Magento 1, just as attackers are exploiting an old vulnerability in Magento sites to steal payment card data. A recent FBI alert revealed this vulnerability was used to “successfully retrieve environment credentials”.
The commentary from Satnam Narang, Staff Research Engineer at Tenable, on how site owners should prepare to migrate their stores immediately and protect their sites from further attacks:
"It’s been nearly two years since Magento, one of the most popular e-commerce solutions, announced that Magento 1, both the Community and Commerce versions, would reach end of life at the end of June 2020. This lead time gave site owners an opportunity to prepare and, hopefully, transition to Magento 2, which is supported. Cybercriminals have routinely targeted Magento sites as part of Magecart attacks, where they inject malicious code into the sites in order to steal payment card information from victims’ customers. With Magento releasing its final batch of security fixes on June 22, attackers are likely chomping at the bit to exploit any undisclosed vulnerabilities in Magento 1. It is imperative that Magento site owners upgrade to Magento 2 for continued security updates or transition to another eCommerce solution that is still supported."