PrestaShop, an open-source e-commerce platform hosting over 300,000 shops, announced that attackers have exploited a major vulnerability to inject malicious code into servers running PrestaShop websites. The attackers are injecting a fake payment form on the front-office checkout page to steal shoppers’ credit card information. PrestaShop stated that it believes the attackers are targeting shops using outdated software or modules, vulnerable third-party modules, or a yet-to-be-discovered vulnerability.
PrestaShop’s official announcement of the discovered vulnerability can be found here.
“Attackers continue to target and successfully infiltrate sites with outdated software or modules, vulnerable third-party modules, or yet-to-be-discovered vulnerabilities. This illustrates the critical need for an agile cyber asset management strategy, as companies have no way of mitigating security risks for assets they cannot see. Cyber asset management addresses this lack of visibility head-on, beginning with a holistic inventory of all cyber assets residing in a company’s IT estate. Once real-time observability into the entire attack surface is secured, companies can establish advanced governance policies to remediate abnormalities, vulnerabilities, and tackle the issue of outdated versions of their software head-on before they are exploited.”