DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hackers Go on a Magento Attack Spree Using a Helpdesk Extension

Posted on December 29, 2017 by Dissent

Rafia Shaikh reports:

Cybercriminals are targeting Magento sites running Mirasvit Helpdesk – a popular helpdesk extension. The extension enables site owners to add a “Chat with us” widget on their Magento shops. Mirasvit was vulnerable to security flaws that affect every version of the extension up until version 1.5.2. Security firm WebShield had first published details about these security bugs back in September. While the developers had delivered a prompt fix and released version 1.5.3 in the same month, it appears websites are still using the vulnerable versions.

In a latest report, security researcher Willem de Groot has revealed that hackers are exploiting both these vulnerabilities with a goal to steal payment card data from the affected stores.

Read more on WCCFtech.

Related posts:

  • “Keeper” Magecart Group Infects 570 Sites — Gemini Advisory Researchers
Category: Business SectorCommentaries and AnalysesHack

Post navigation

← Two Romanian Suspects Charged With Hacking of Metropolitan Police Department Surveillance Cameras in Connection with Ransomware Scheme
SSM Health notifying 29,000 patients of insider-wrongdoing breach →

3 thoughts on “Hackers Go on a Magento Attack Spree Using a Helpdesk Extension”

  1. Catalin Cimpanu says:
    December 29, 2017 at 11:09 am

    Wow. The text of that article looks familiar. I wonder where I’ve seen it before… hmm

    1. Dissent says:
      December 29, 2017 at 11:47 am

      Is that your exact writing or did they just tweak/borrow liberally or…? I had missed your reporting on this, sorry. For those who would like to read it, it’s at:

      Magento Sites Hacked via Helpdesk Widget
      https://www.bleepingcomputer.com/news/security/magento-sites-hacked-via-helpdesk-widget/

      And if you’re a regular reader of this site and you haven’t already bookmarked Catalin’s reporting on BleepingComputer and on Twitter, you’re missing out on one of the best resources out there.

  2. Anonymous says:
    December 31, 2017 at 2:11 am

    Catalin, you are a great reporter.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Breaches have consequences (sometimes)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity
  • Patient death at London hospital linked to cyber attack on NHS
  • ShinyHunters and team members arrested in France (2)
  • Texas Enacts Liability Shield From Punitive Damages for Certain Small Businesses That Adopt Cybersecurity Programs
  • Dublin ETB fined €125,000 for data protection breaches

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.