Lacie one of the webshops that have lost data because they didn't patch Coldfusion

 

 

"Computer hardware company LaCie is warning customers who have made transactions between March 27th, 2013 and March 10th, 2014 that their personal data may have been compromised. According to a statement released by the company, customer names, addresses, email addresses, payment card numbers, card expiration numbers and passwords could be at risk

LaCie's disclosure of the year-long security breach came a month after Krebs on Security published evidence of the attack. Brian Krebs wrote extensively about "a botnet of hacked e-commerce sites" created using Adobe ColdFusion vulnerabilities. http://www.theverge.com/2014/4/16/5619336/lacie-infected-malware-sensitive-information-compromised

many of those websites are STILL Vulnerable

"The botnet control panel listed dozens of other e-commerce sites as actively infected. Incredibly, some of the shops that were listed as compromised in August 2013 are still apparently infected — as evidenced by the existence of publicly-accessible backdoors on the sites. KrebsOnSecurity notified the companies that own the Web sites listed in the botnet panel (snippets of which appear above and below, in red and green), but most of them have yet to respond.  http://krebsonsecurity.com/2014/03/thieves-jam-up-smuckers-card-processor

The comments are closed.