Ethical Hacking News
A recent attack exploiting the CosmicSting vulnerability has compromised over 4,000 e-stores, including major organizations such as Ray-Ban and Cisco. The vulnerability is a critical bug that can result in arbitrary code execution, making it essential for store owners to patch their systems immediately.
Malicious attack exploits CosmicSting vulnerability in Adobe Commerce and Magento stores. The vulnerability allows for arbitrary code execution, resulting in potential data breaches. Over 4,000 e-stores have been compromised by threat actors exploiting the issue. The attack does not require user interaction, making it a sophisticated vector. The attackers can steal customer data and install backdoors on servers. Seven distinct groups are exploiting the vulnerability to deploy e-skimmers on victim stores. Merchants are urged to implement countermeasures immediately to protect their stores from potential attacks.
Adobe Commerce and Magento stores have been hit by a malicious attack exploiting the CosmicSting vulnerability, which was recently added to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in July 2024. The vulnerability is an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could result in arbitrary code execution. This critical bug impacts Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier.
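As an added illustration of the first check a merchant would want, written for this page and not taken from Sansec or Adobe, the Python below reads the release version recorded in a store's composer.lock and reports whether it falls inside the affected range stated above. It assumes the standard composer.lock layout under the Magento product packages and reads "and earlier" as lower patch levels on the listed lines plus every older release line; because the fixed versions are not named in the article, a version above a listed ceiling is only reported as outside the stated range, not confirmed as patched.

```python
import json
import re

# Versions the article lists as affected: 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8
# "and earlier". Mapping: release line -> highest affected patch level (-pN).
# Assumption: "earlier" covers lower patch levels on these lines and every
# older release line. Fixed versions are not named on the page, so a version
# above a ceiling is only reported as "outside the stated affected range".
AFFECTED_CEILINGS = {(2, 4, 7): 0, (2, 4, 6): 5, (2, 4, 5): 7, (2, 4, 4): 8}

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")

# Composer package names under which Adobe Commerce / Magento Open Source
# record their release version in composer.lock.
MAGENTO_PACKAGES = ("magento/product-community-edition",
                    "magento/product-enterprise-edition")


def parse_version(text):
    """Return ((major, minor, patch), p_level) for strings like '2.4.6-p5'."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Magento version: {text!r}")
    major, minor, patch, plevel = match.groups()
    return (int(major), int(minor), int(patch)), int(plevel or 0)


def in_stated_affected_range(version):
    """True if `version` falls inside the affected range the article states."""
    line, plevel = parse_version(version)
    if line < min(AFFECTED_CEILINGS):
        return True   # older release line than any listed: "and earlier"
    if line > max(AFFECTED_CEILINGS):
        return False  # newer release line than the article covers
    return plevel <= AFFECTED_CEILINGS[line]


def version_from_composer_lock(lock_text):
    """Extract the Magento release version recorded in a composer.lock document."""
    for pkg in json.loads(lock_text).get("packages", []):
        if pkg.get("name") in MAGENTO_PACKAGES:
            return pkg["version"]
    raise LookupError("no Magento product package found in composer.lock")


# Constructed sample composer.lock fragment (not taken from any real store).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "magento/framework", "version": "103.0.6-p5"},
    {"name": "magento/product-community-edition", "version": "2.4.6-p5"},
]})

if __name__ == "__main__":
    found = version_from_composer_lock(SAMPLE_LOCK)
    print(found, "affected" if in_stated_affected_range(found) else "outside stated range")
```

Run it against the real composer.lock by replacing SAMPLE_LOCK with the file's contents; a result of "outside stated range" still needs confirming against Adobe's advisory for the actual fixed build.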
The exploitation of this issue does not require user interaction, making it a highly sophisticated attack vector. According to Sansec researchers, multiple threat actors have exploited the CosmicSting vulnerability to compromise more than 4,000 e-stores over the past three months. The flaw allows attackers to read any files on the affected sites, including passwords and other sensitive information.
The typical attack strategy is to steal the secret crypt key from app/etc/env.php and use it to modify CMS blocks via the Magento API. Attackers then inject malicious JavaScript into those blocks to steal customer data. Combined with another bug (CVE-2024-2961), attackers can also run code directly on the stores' servers and use that to install backdoors.
The attack has a severe impact on e-commerce, as reported by Sansec experts, who stated that cybercriminals have hacked 5% of all Adobe Commerce and Magento stores this summer. The attackers also compromised the e-stores of major organizations, including Ray-Ban, National Geographic, Cisco, Whirlpool, and Segway.
Seven distinct groups are exploiting the CosmicSting vulnerability to deploy e-skimmers on victim stores. The attackers seek full control over the affected sites, which can then be used for malicious purposes such as credit card skimming or ransomware attacks.
This is not an isolated incident and highlights the importance of staying up-to-date with security patches. In recent years, we have seen numerous instances where unpatched vulnerabilities have been exploited by threat actors to gain unauthorized access to sensitive data and disrupt business operations.
In light of this critical vulnerability, merchants are urged to implement countermeasures immediately to protect their stores from potential attacks. Implementing timely security updates can help prevent the exploitation of this vulnerability and reduce the risk of data breaches.
The U.S. government has issued alerts about this vulnerability through various channels, including CISA. The agency added CVE-2024-34102 to its Known Exploited Vulnerabilities catalog in July 2024. This is a clear indication that the vulnerability poses a significant threat to organizations and individuals alike.
It is essential for Adobe Commerce and Magento store owners to take immediate action to patch their systems and prevent potential attacks. The attackers' sophistication and speed of exploitation highlight the importance of staying vigilant and taking proactive measures to protect against such threats.
In conclusion, the recent attack on Adobe Commerce and Magento stores highlights the critical nature of this vulnerability and underscores the need for organizations to prioritize security patches and updates. By staying informed about emerging vulnerabilities and implementing timely countermeasures, individuals and businesses can reduce their risk of being compromised by sophisticated attacks like the one seen with CosmicSting.
Related Information:
https://securityaffairs.com/169316/cyber-crime/4000-unpatched-adobe-commerce-and-magento-stores-hacked.html
https://thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html
https://nvd.nist.gov/vuln/detail/CVE-2024-34102
https://www.cvedetails.com/cve/CVE-2024-34102/
Published: Thu Oct 3 11:33:51 2024 by llama3.2 3B Q4_K_M