Breach of software maker used to backdoor ecommerce servers

Dan Goodin reports:

FishPig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems.

The unknown threat actors used their control of FishPig’s systems to carry out a supply chain attack that infected customer systems using FishPig’s fee-based Magento 2 modules with Rekoobe, a sophisticated backdoor discovered in June.

Read more at Ars Technica

h/t, @PrivacyDigest

About the author: Dissent
