A new security analysis from CyberNews revealed that many popular online stores are vulnerable to SSL vulnerability that could allow threat actors to exploit and steal sensitive information. In an official statement, CyberNews stated that it analyzed web servers of 2,620 popular e-commerce domains for SSL configuration security and their exposure toward known vulnerabilities related to the Secure Sockets Layer (SSL) encryption protocol.
“When performing our SSL configuration analysis, we also tested the online shopping servers for six known SSL vulnerabilities, including BEAST, POODLE, and DROWN, which might allow cybercriminals to carry out SSL-based attacks against the online shops and their users. We decided to test for those vulnerabilities in particular because they are well-known, have been discovered long ago, and already have patches released for them, putting the responsibility for the existence of such security holes squarely server-side,” the researchers said.
The BEAST Vulnerability
Despite most of the shopping servers having strong SSL configurations, one-third of the web servers are susceptible to the BEAST vulnerability (Browser Exploit Against SSL/TLS). The BEAST vulnerability could allow an attacker to access the information exchanged between a web server and the user’s web browser, including shoppers’ authentication tokens, payment details, and other personal information.
CyberNews recommended users to be vigilant while shopping online ahead of Black Friday and Cyber Monday.
To stay safe while shopping online, it is advised to employ multi-factor authentication to double-check the authenticity of digital users and add an additional layer of security to protect personal data and information. Browse with caution and be vigilant on what you are clicking, as it may be malware or phishing links.