Widespread CosmicSting attacks hit Adobe Commerce, Magento stores


Since June, more than 4,200 Adobe Commerce and Magento online stores, including those belonging to Cisco, Whirlpool, Segway, Ray-Ban, and National Geographic, have been breached in attacks involving the critical CosmicSting information disclosure vulnerability, tracked as CVE-2024-34102, BleepingComputer reports.

Intrusions leveraging CosmicSting have been launched by seven financially motivated threat operations — including Belki, Bobry, Burunduki, Khomyaki, Ondatry, and Surki — against almost 5% of all stores to facilitate Magento cryptographic key exfiltration and payment skimmer injections, according to a report from Sansec. While Whirlpool, Segway, and Ray-Ban are believed to have remediated the issue, other organizations have been urged to immediately upgrade their Adobe Commerce and Magento implementations amid the threat of escalating exploitation. “Sansec projects that more stores will get hacked in the coming months, as 75% of the Adobe Commerce & Magento install base hadn’t patched when the automated scanning for secret encryption keys started,” said the report.


