APSB22-12 — Critical security vulnerability in Magento Open Source and Adobe Commerce
On Sunday, February 13th, 2022, Adobe released an emergency patch for versions of Magento 2 (Adobe Commerce) to fix a critical vulnerability (APSB22-12). This vulnerability has a CVSS score of 9.8, as it allows unauthenticated remote code execution, meaning hackers could use it to get complete control of your site. We highly advise you to install the patch as soon as possible to prevent this from happening.
Your site is exposed if it runs on one of the affected Magento versions:
- Adobe Commerce
  - 2.4.3-p1 and earlier versions
  - 2.3.7-p2 and earlier versions
- Magento Open Source
  - 2.4.3-p1 and earlier versions
  - 2.3.7-p2 and earlier versions

*Adobe Commerce 2.3.3 and lower are not affected.
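A version check for the affected ranges listed above, as an added example that is not Adobe's or Crimson Agility's code: it reads the Magento metapackage version from a `composer.lock` and compares it with the ceilings from the advisory. The sample lock content is constructed, and treating the 2.3.3 exemption as applying to Magento Open Source too is an assumption.

```python
import json
import re

# Last affected release on each release line, from the advisory list above.
CEILINGS = {(2, 3): "2.3.7-p2", (2, 4): "2.4.3-p1"}
# "2.3.3 and lower are not affected" is stated for Adobe Commerce; applying it
# to Magento Open Source as well is an assumption of this example.
NOT_AFFECTED_UP_TO = "2.3.3"

# Composer metapackages that pin the installed edition and release.
EDITION_PACKAGES = {
    "magento/product-community-edition": "Magento Open Source",
    "magento/product-enterprise-edition": "Adobe Commerce",
}
VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")

def parse_version(text):
    """Turn '2.4.3-p1' into (2, 4, 3, 1); no -pN suffix counts as p0."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    return tuple(int(g) if g else 0 for g in match.groups())

def is_affected(version):
    """True when the version lies above 2.3.3 and at or below its line's ceiling."""
    v = parse_version(version)
    ceiling = CEILINGS.get(v[:2])
    if ceiling is None or v <= parse_version(NOT_AFFECTED_UP_TO):
        return False
    return v <= parse_version(ceiling)

def audit_composer_lock(lock_text):
    """Return (edition, version, affected) for each Magento metapackage found."""
    packages = json.loads(lock_text).get("packages", [])
    return [
        (EDITION_PACKAGES[p["name"]], p["version"], is_affected(p["version"]))
        for p in packages
        if p.get("name") in EDITION_PACKAGES
    ]

# Constructed sample input, not taken from a real store.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/framework", "version": "103.0.3-p1"},
    {"name": "magento/product-community-edition", "version": "2.4.3-p1"},
]})
if __name__ == "__main__":
    for edition, version, affected in audit_composer_lock(SAMPLE_LOCK):
        print(f"{edition} {version}: {'AFFECTED' if affected else 'outside affected range'}")
```

A hit means the release shipped with the flaw; applying the patch does not change the version string, so patch status has to be confirmed separately.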
Security updates available for Adobe Commerce APSB22-12
Call Crimson Agility to have our specialists install this security patch for you; we have Magento support options for companies of all sizes. For Crimson Agility clients, this should take no longer than 1.0 hour of effort to install, deploy, and validate.
Verifying Customers’ Identities
The goal of great digital commerce is to make the customer journey as simple and easy as possible from the time the customer enters your site to the moment a customer purchases your products.
Rather than having multiple points of verification, Adobe Commerce merchants are encouraged to implement configurations that allow a single validation for the whole shopping session. This creates a better customer experience where the focus is on purchasing your products.
We recommend enabling Google ReCAPTCHA, a free tool available to all Adobe Commerce merchants. Because of its ease of use and advanced security, we recommend enabling it in your checkout process. This is the best way to impede “carding” attacks and other brute force attacks during checkout.
We’ve all tried to log into a website only to be challenged to click all the boxes containing traffic lights or storefronts or bridges in a frantic attempt to persuade the computer that we’re not a bot. Last fall, Google launched version 3 of the tool, an “invisible” version of ReCAPTCHA, with the goal of eliminating the annoying customer experience. Google ReCAPTCHA V3 is invisible to your customers: they won’t see the “I’m not a robot” checkbox, nor will they have to prove they can identify a traffic light. Behind the scenes, ReCAPTCHA is still conducting a risk assessment of that customer based on their activity and behavior on your site and, as a result, preventing “carding” attacks and access by malicious actors.
If you are not using Google ReCAPTCHA V3, it is possible that you are seeing a higher rate of cart abandonment than you would with “invisible” ReCAPTCHA V3. Google ReCAPTCHA V3 is available in Adobe Commerce 2.4 (also known as Magento).
Recommended forms where you can enable Google ReCAPTCHA include:
• Admin Login
• User Login
• Create Account
• Newsletter Sign up
• Forgot/Reset Password
• Checkout
If you have any questions, you can contact us via the options on the Crimson Agility contact page.
Interested in learning more about “Adobe Commerce Security Best Practices” or in a Security Assessment? Contact us today.
Impact of Coronavirus on E-Commerce
Who would have figured, at the start of 2020, that people all over the globe would be sequestered in their homes? This is a time when things that we once thought were simple and easy are taken away from us. Even everyday necessities, such as toilet paper and bottled water, were stripped from the shelves in the blink of an eye. This disturbed not only our day-to-day lives but the economy as a whole. “Due to recent events, e-commerce has become almost a necessity. People are quarantined at home and spending more time shopping online. To maintain a competitive advantage this year and beyond, you may need to create and grow your digital presence.”
How has this affected the world of B2B and B2C e-commerce?
The World of E-Commerce Post Coronavirus
This year, e-commerce is expected to be a vital part of the economy at approximately 12% of all retail sales. Although this is good to hear from a business standpoint, this demand can be difficult for supply chains to keep up with. For example, countries like China, which were affected by COVID-19 earlier than most states, may need time to ramp up production, causing delays and shortages. This may be an opportunity to diversify traditional supply chain flows.
According to Digital Commerce 360, “The coronavirus resulted in a surge in web sales for such merchandise categories as groceries, while at the same time bringing online orders to a trickle in segments that depend on discretionary consumer spendings, such as for luxury goods and jewelry.” With pandemic fever making millions run into the store and gobble up all the toilet paper in a twenty-mile vicinity, the shift moved away from typical markets out of both necessity and safety, leaving once-solid markets, such as the cruise and airline industries, near collapse.
How E-Commerce is Going to be the Solution
It has never been more vital to the world of e-commerce to provide a hands-free approach. With customers afraid of entering public places such as stores, an omnichannel option has become even more appealing. The industry has, temporarily, transformed because of the demand from people shifting from traditional brick-and-mortar sales to online shopping. Does this shift have staying power and permanence? We’ll see.
COVID-19 has put significant strain on some industries, but they are “Bending not Breaking.” This has pushed smart businesses to get innovative. Only around “7.7% of the 208 store-based retailers in the Top 1000 had that capability as of the end of 2019.” Still, many stores such as Best Buy and Michaels have added curbside pick-up (6 ways the coronavirus pandemic will impact eCommerce). Curbside pick-up has been paired with the convenience of mobile apps. According to Walmart, its app that allows for mobile ordering and curbside pick-ups has had a download growth of 460% by the end of March 2020.
How Crimson Agility can Help
Crimson Agility provides a range of services for your e-commerce needs. We know these times can be tough on your business, but let us help you try to get ahead in this post-Coronavirus world. Magento allows for a wide range of potential company-enhancing opportunities to upgrade your site or break into the e-commerce market. Please contact us to find out more details about how we can help at Crimson Agility Contact Us.