Cyber Security Today – Huge e-commerce hack, US warns of IT products being targeted and let people report vulnerabilities

Huge e-commerce hack, US warns of IT products being targeted and let people report vulnerabilities

Welcome to Cyber Security Today. It’s Wednesday September 16th. I’m Howard Solomon, contributing reporter on cybersecurity for To hear the podcast click on the arrow below:

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

Experts stress the importance of applying security patches and updating to the latest version of applications to avoid being hacked. Well, almost two thousand online stores learned that lesson the hard way over the weekend when they were victimized. They were using version 1 of Adobe’s Magento e-commerce platform, which expired at the end of June. According to a cybersecurity firm called Sansec the attackers used a common tactic: They inserted code on the sites that skimmed off credit card and other customer data as it was being entered. Sansec estimates that information of tens of thousands of customers was stolen from one of the compromised stores alone. The security company said the hackers were able to get into each site’s Magento administrator’s panel to download the malware. Experts say administrator accounts must be protected with strong login rules to prevent this from happening. It’s estimated 95,000 stores are still using the unsupported version of Magento.

Speaking of updates, the U. S. Cybersecurity and Infrastructure Security Agency says unpatched vulnerabilities in four products are regularly being exploited by hackers from China to infiltrate corporate and government networks. These bugs are in in the F5 Network’s Big IP Traffic Manager, Citrix’s Virtual Private Network appliances, Pulse Secure VPN Servers and Microsoft Exchange Server. Software patches for these vulnerabilities have already been issued but some organizations are still slow to apply them. Maintaining a rigorous patching cycle is the best defense against the most frequently used attacks, says the agency. Widespread implementation of robust configuration and patch management programs would greatly increase network security.

Finally, cybersecurity researchers regularly complain that many organizations don’t have a process for receiving security warnings. People who find vulnerabilities with websites, applications and unsecured data need a way to alert companies to these issues. Unfortunately many organizations limit the way they can be contacted. So often researchers have to leave messages with sales, customer or technical support staff, who aren’t instructed on dealing with cybersecurity warnings. That can mean weeks go by before the right person is found and the issue is dealt with. This week the U.K. National Cyber Security Centre urged organizations to be more proactive. To help them it also issued a Vulnerability Disclosure Toolkit to guide their work. Briefly, it urges every web site to have an email address or contact web form specifically for reporting security problems. To go along with that organizations should also have a clear policy for how employees must handle reports. Having a publicly-available reporting process shows customers your organization takes security seriously, the centre notes. It also reduces the odds your organization’s reputation will be damaged because a report is handled slowly.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast