The UK National Cyber Security Centre (NCSC) issued a Black Friday warning to more than 4,000 retailers whose customer data was being stolen. The thefts were due to known but unpatched vulnerabilities in the popular e-commerce platform Magento and were based upon reported breaches over the past 18 months. During the checkout process, known vulnerabilities in the program allowed hackers to divert payments and steal customer PII. Excerpt:
- The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has monitored for these shops since April 2020 and issued warnings to site owners and SMEs about their software being up-to-date.