Attackers mount Magento supply chain attack by compromising FishPig extensions | allinfosecnews.com

Web: https://www.helpnetsecurity.com/2022/09/14/fishpig-extensions-compromised/

Sept. 14, 2022, 1:01 p.m. | Zeljka Zorz

Help Net Security helpnetsecurity.com

FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected with malware after its distribution server was compromised. How the attackers compromised the FishPig extensions Sansec researchers said that the FishPig distribution server was compromised on or before August 19th. “Any Magento store who installed or updated paid Fishpig software since then, is now likely running the Rekoobe malware,” they noted. FishPig … More →

The post …

attack attackers don't miss extensions fishpig linux magento remote access trojan sansec supply supply chain supply chain attack supply chain compromise

More from helpnetsecurity.com / Help Net Security

Red Hat and Oracle expand collaboration to standardize cloud operations 2 hours ago | helpnetsecurity.com

cloud collaboration industry news operations +2

BOXX Insurance raises $14.4 million to help customers stay ahead of cyber threats 3 hours ago | helpnetsecurity.com

boxx insurance customers cyber cyber threats +4

Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts 13 hours ago | helpnetsecurity.com

account protection accounts apps attackers +16

Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596) 17 hours ago | helpnetsecurity.com

critical cve device don't miss +7

3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts 22 hours ago | helpnetsecurity.com

ciso critical infrastructure cybersecurity don't miss +9

DigiCert releases new unified approach to trust management 22 hours ago | helpnetsecurity.com

certificates ciso cybersecurity digicert +7

Is President Biden’s National Cybersecurity Strategy a good idea? 22 hours ago | helpnetsecurity.com

biden cybersecurity cybersecurity strategy don't miss +9

Budget constraints force cybersecurity teams to do more with less 23 hours ago | helpnetsecurity.com

budget constraints cyberattacks cybersecurity +4

KELA launches cyber intelligence platform to empower proactive digital crime prevention 1 day ago | helpnetsecurity.com

crime cyber cyber intelligence digital +6

Cybersecurity Engineer

@ Apercen Partners LLC | Folsom, CA

View on infosec-jobs.com

IDM Sr. Security Developer

@ The Ohio State University | Columbus, OH, United States

View on infosec-jobs.com

IT Security Engineer

@ Stylitics | New York City

View on infosec-jobs.com

Information Security Engineer

@ VDA Labs | Remote

View on infosec-jobs.com

Information Security Analyst

@ Metropolitan Transportation Commission | San Francisco, CA

View on infosec-jobs.com

Personnel Security Specialist I

@ NT Concepts | Remote

View on infosec-jobs.com

Cyber Security Manager (SOC/Threat Detection)

@ Nubank | São Paulo

View on infosec-jobs.com

Personnel Security Specialist II

@ NT Concepts | Remote

View on infosec-jobs.com

Infrastructure Consultant - Graduate

@ Netcompany | Leeds, United Kingdom

View on infosec-jobs.com

Senior Cloud Network Security Engineer with expertise in WIFI technologies

@ Uni Systems | Luxembourg, Luxembourg, Luxembourg

View on infosec-jobs.com

DevSecOps Engineer - TOP SECRET Clearance Required - Colorado Springs/Denver/Pueblo

@ Spry Squared, Inc. | Colorado Springs, CO, United States

View on infosec-jobs.com

Product Security Associate

@ Mekari | Jakarta, Jakarta, Indonesia

View on infosec-jobs.com