Five new patches have been released. Two of them are high or critical!
Three new patches have been released. Two of them are critical.
Last weekend there was a hacker attack affecting about 2000 Magento 1 stores. In this newsletter we explain what we know about it and what you can do to protect your store. We also take this opportunity to thank our partner sansec.io for their support in researching these attacks. What happened? We received the message that last weekend about 2000 Magento 1 stores… Continue reading “Hacker attacking Magento”
Two new patches have been released, adding PHP 7.3 compatibility and improving the clearing of session data with parallel logins.
Magento 1 has stirred up the market of open source e-commerce systems and has become one of the most popular e-commerce systems in the world within a short time. For over a decade, small and large retailers have been relying on it. Since Magento announced that it will discontinue official safety updates in June 2020… Continue reading “Magento 1 & Mage One vs. Relaunch ~ When is the change worthwhile?”
This patch sets the “secure” flag on all cookies, so that they are sent solely via HTTPS.
This patch prevents parallel logins for the same user account (session attack for backend and frontend).
QPS: We are happy to announce that our QPS extension has been released. Our QPS (Quick Protection System) is a Magento extension that is installed in the shop just like a common Magento extension and acts as a firewall. The QPS Extension can, but does not have to, be installed! You can find more… Continue reading “Mage One Patches for Magento 1: First Patch and QPS”
The PCI question is one that unfortunately cannot be answered so easily. The background is that a payment provider must fulfil certain security standards to be considered “secure” (PCI-DSS = Payment Card Industry Security Standard). One of these requirements is that the patches are offered by a “vendor”. However, it is not explained whether the… Continue reading “Latest information about PCI-compliance and the use of Mage One”
Dear Visa, dear PayPal, ladies and gentlemen, only six weeks left until Adobe discontinues its support for the Community Edition and the Enterprise Edition of Magento 1. As soon as there is no more support, these shops are no longer secure, because new security vulnerabilities will no longer be fixed. (By the way, this does… Continue reading “Open letter to PayPal and Visa about the end of life of the Magento 1.x platform”