
More than 4,200 Adobe Commerce and Magento online stores, including those belonging to Cisco, Whirlpool, Segway, Ray-Ban, and National Geographic, have been breached since June in attacks exploiting the critical CosmicSting information disclosure vulnerability, tracked as CVE-2024-34102, BleepingComputer reports.
Intrusions leveraging CosmicSting have been launched by seven financially motivated threat operations — including Belki, Bobry, Burunduki, Khomyaki, Ondatry, and Surki — against almost 5% of all stores to facilitate Magento cryptographic key exfiltration and payment skimmer injections, according to a report from Sansec. While Whirlpool, Segway, and Ray-Ban are believed to have remediated the issue, other organizations have been urged to immediately upgrade their Adobe Commerce and Magento implementations amid the threat of escalating exploitation. “Sansec projects that more stores will get hacked in the coming months, as 75% of the Adobe Commerce & Magento install base hadn’t patched when the automated scanning for secret encryption keys started,” said the report.