Websites using osCommerce software--an open source online shop e-commerce app--are under a large-scale injection attack, said Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recently. Websites using osCommerce software–an open source online shop e-commerce app–are under a large-scale injection attack, said Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) recently. In a recent proactive information security monitoring operation, HKCERT observed that more than 90,000 Web pages were infected globally, with more than 2,000 pages in Hong Kong being infected. The number of infected pages is still on the rise, according to HKCERT.Compromised websites are injected with malicious hyperlinks, which in turn redirect visiting users of such websites to other malicious websites, said HKCERT, adding that users’ machines may be infected with the malware subsequently.HKCERT said it has already issued notice and security bulletin about the vulnerability, with details on ways to detect the attack and recovery. As a preventive measure and best practice in information security, HKCERT said website administrators using osCommerce to check their webpages and databases, and set password to protect the administration directory (/admin/) of their systems using the .htaccess file.HKCERT also warns users of online shopping websites to beware of the potential risk. “They should always maintain their security patch up to date, use anti-malware software and the latest version of browsers, disable Javascript in browsers, and turn on personal firewalls,” said the organization. “Online shoppers should not visit any unsolicited websites.” Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe