Critical Magento SQL Injection Vulnerability Discovered - Patch Your Sites [thehackernews.com]
Magento fixed a critical Magento SQL Injection flaw [securityaffairs.co]
Brace yourselves: Exploit published for serious Magento bug allowing card skimming [Updated] [arstechnica.com]
Magento 2.3.1, 2.2.8 and 2.1.17 Security Update [magento.com]
SQL Injection in Magento Core [blog.sucuri.net]
Magento Patches Critical SQL Injection and RCE Vulnerabilities [threatpost.com]
Is your e-commerce site being used to test stolen card data? [nakedsecurity.sophos.com]
#Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection & Remote Code Execution.
— Sucuri Security | Complete Website Security (@sucurisecurity) March 28, 2019
We strongly encourage Magento users to update their sites https://t.co/rdt8mmlYIy by @MarcS0h
Serious Magento bug will likely be exploited in the wild by card skimmers https://t.co/GNWvsgiZ8R by @dangoodin001
— Ars Technica (@arstechnica) March 28, 2019
Magento 2.3.1 is out. Fixes SQLi, XSS, and RCE bugs. https://t.co/vgoObOl2lO
— Catalin Cimpanu (@campuscodi) March 28, 2019
Technical write-up on the SQLi flaw is here: https://t.co/Z5CEEM74a3 pic.twitter.com/HYR6RVupc6
#Magento patches unauthenticated SQL Injection in Magento Core.
— David (@slashcrypto) March 28, 2019
They also fixed RCE and XSS issues. Short writeup (no PoC) here https://t.co/rIpIlrwKM8.
Official notice: https://t.co/agpkGssbqx
SQLi exploit code published for Magento vulnerability. The eCommerce software is used by 300K businesses. https://t.co/q6DvAvxpyY
— Chris Wysopal (@WeldPond) March 29, 2019
Looks like @Magento just used a RNG to calculate severity of the bugs today... pre-auth RCE less severe than post-auth SQLi, XSS more severe than SQLi, Clickjacking more severe than RCE... ok that last one wasn't true, but still... https://t.co/t7XZ1jz8BQ
— eboda (@edgarboda) March 26, 2019
Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites https://t.co/lnwN4obdoT
— Chris Parker (@chrispcritters) March 29, 2019
Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites https://t.co/mIh6dvghPu #Infosec pic.twitter.com/oAJjDuo3Oe
— #AI (@AI__TECH) March 29, 2019
Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites https://t.co/whG78p7dK2
— Cyberologue - Actualité Cybersécurité/RGPD/infosec (@cyberologue) March 29, 2019
Important — Critical Unauthenticated "SQL Injection" Flaw Discovered in Magento E-Commerce Platform https://t.co/bRex09VfNP
— Mohit Kumar (@unix_root) March 29, 2019
Online store owners are advised to immediately install the latest version of #Magento to patch a total of 37 new #security vulnerabilities.
by @Swati_THN pic.twitter.com/OfUrxtcNgO
Important — Critical Unauthenticated "SQL Injection" Flaw Discovered in Magento E-Commerce Platform https://t.co/zJhnCmy49G
— Swati Khandelwal (@Swati_THN) March 29, 2019
Online store owners are advised to immediately install the latest version of #Magento to patch a total of 37 new #security vulnerabilities. pic.twitter.com/O81B27dB2s
Severe Magento bug opens ~300k commerce sites to card-skimming attacks https://t.co/xMFsdjSRet #Infosec pic.twitter.com/08yr7TV45p
— #AI (@AI__TECH) March 29, 2019
Brace yourselves: exploit published for serious Magento bug allowing card skimming (Updated) https://t.co/rmzkb4NMyz
— (George) Millennial-Primal Cyphertron Super Pac (@MillennialPriml) March 29, 2019
Hey #magento users it's time to migrate to #shopinvader ? https://t.co/PZaljRRJEP
— Shopinvader (@shopinvader) March 29, 2019
Serious @magento e-commerce platform bug puts >300,000 commerce sites at risk of card-skimming infections. Magento admins: Beware of SQL flaw PRODSECBUG-2198 https://t.co/heVYdPt3oG Reminder: @BigCommerce = Uncompromising Security https://t.co/NPzH3jGjd3
— Meghan Stabler (@MeghanStabler) March 29, 2019
Exploit Published For Magento Bug Allowing Card Skimming https://t.co/mKSW6uK7UY
— Nicolas Krassas (@Dinosn) March 29, 2019
Update now! Magento rolls out patches against RCE, XSS and SQL injection attacks https://t.co/AGk5EkYacB
— Security Response (@threatintel) March 29, 2019
A security update is out for Magento, which has the No. 1 market share.
— Autumn Good (@autumn_good_35) March 29, 2019
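The high-scoring RCEs and the like come with conditions such as privilege escalation by an authenticated user, but this unauthenticated SQLi looks pretty bad...
Magento 2.3.1, 2.2.8 and 2.1.17 Security Update https://t.co/pmm09mQV6G pic.twitter.com/ZHu6PGNVOB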
Sucuri says it is not publishing details for now, since the risk is high and it has not yet observed any attacks, but,
— Autumn Good (@autumn_good_35) March 29, 2019
SQL Injection in Magento Core https://t.co/0wqZH0bdin
[INFO] SQL Injection in Magento Core https://t.co/KV1NgW0U83
— kinomakino (@kinomakino) March 28, 2019
Is your e-commerce site being used to test stolen card data? | https://t.co/LWxJgM8kJ5 | #cybercrime #CyberAttack #infosecurity #phishing #security #ITSecurity #ictsecurity #ICTspecialists #hacking #CyberEurope #SocialEngineering #SE #cybersecurity #ransomware #hacking
— DOGANA_project (@DOGANAProject) March 29, 2019
How seriously is the #ecommerce market taking #cybersecurity? Are they aware of #cybercrime? I would say no!! Is your e-commerce site being used to test stolen #creditcard & #credentials data? #cybersec #threatintel #netthandel #ehandel #infosec #DarkWeb https://t.co/1N0jRTXJed
— Jiniba (@JinibaBD) March 28, 2019
Is your e-commerce site being used to test stolen card data? https://t.co/CRhX6Zl4No #infosec pic.twitter.com/ZIC5879p54
— #AI (@AI__TECH) March 29, 2019
Is your e-commerce site being used to test stolen card data?
— Fabrizio Bustamante (@Fabriziobustama) March 28, 2019
By @NakedSecurity https://t.co/JnuSzv5Ao0 #vulnerabilities #ecommerce #CyberSecurity #infosecurity
Cc: @archonsec @robmay70 @DrJDrooghaag @BentleyAudrey @JolaBurnett @gvalan @fogle_shane @mclynd @ChuckDBrooks pic.twitter.com/WdmsUcrKId
Is your e-commerce site being used to test stolen card data? https://t.co/oTMg4MdtJA via @InfoSecHotSpot pic.twitter.com/dddCb6xW6e
— Sean Harris (@InfoSecHotSpot) March 28, 2019
If you are one of the 300,000 ecommerce sites that use Magento, read this right now to make sure you are not vulnerable to payment card skimmers through SQL injection attacks. https://t.co/HVKE7unRYA
— Daniel Tunkelang (@dtunkelang) March 29, 2019
Magento exploit. Yikes! I know there are other perspectives, but this is a key reason why I prefer hosted ecommerce platforms for clients like @BigCommerce. #magento #ecommerce #bug #bigcommerce https://t.co/nygkrtYWs7
— Scott Williams (@ScottDeveloper) March 29, 2019
For details on patching/upgrading:
— Ryan Hoerr (@ryanhoerr) March 29, 2019
M1: https://t.co/cQYplagVtG
M2: https://t.co/6x0ousDnAK