Adobe Commerce and Magento Stores Under Attack by CosmicSting Exploit

By Admin, October 2, 2024
October 2, 2024Ravi LakshmananVulnerability / data breach


Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been compromised by attackers exploiting a security vulnerability dubbed CosmicSting.

Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw is an improper restriction of XML External Entity (XXE) reference vulnerability that could lead to remote code execution. The flaw, credited to a researcher named “space wasp,” was patched by Adobe in June 2024.

Dutch security firm Sansec has described CosmicSting as “the worst bug to hit Magento and Adobe Commerce stores in the last two years.”


The flaw has since come under widespread exploitation, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog in mid-July 2024.

Some of these attacks involve weaponizing the flaw to steal Magento’s private encryption key, which is then used to generate JSON Web Tokens (JWTs) with full administrative access to the API. The threat actors have then been observed taking advantage of the Magento REST API to inject malicious scripts.


It also means that applying the latest patch is not enough to protect against the attack, so site owners must take steps to rotate the encryption keys.
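Why the patch alone does not help once the key has been read, shown as an added example that is not from the article or from Magento's code: a minimal HS256 verifier checks one token signed with the exposed key under three configurations. The key values, the claims, the function names and the list of accepted keys are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims, key):
    """Issue a compact HS256 JWT, as an API would after an admin login."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url(mac(header + '.' + body, key))}"

def verify_hs256(token, accepted_keys):
    """Return the claims if any accepted key validates the token, else None."""
    try:
        header, body, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # never let the token choose another algorithm
        given = b64url_decode(sig)
        for key in accepted_keys:
            if hmac.compare_digest(mac(f"{header}.{body}", key), given):
                return json.loads(b64url_decode(body))
    except (ValueError, AttributeError, TypeError):
        pass  # malformed token: treat as invalid
    return None

# Constructed values: the key that was readable before patching, and its replacement.
OLD_KEY = b"constructed-old-key-0000000000000"
NEW_KEY = b"constructed-new-key-1111111111111"

def key_states():
    """Check one token signed with OLD_KEY against three verifier configurations."""
    token = sign_hs256({"sub": "admin", "scope": "all"}, OLD_KEY)
    return {
        "patched, key unchanged": verify_hs256(token, [OLD_KEY]) is not None,
        "new key added, old key still accepted": verify_hs256(token, [NEW_KEY, OLD_KEY]) is not None,
        "new key only, old key invalidated": verify_hs256(token, [NEW_KEY]) is not None,
    }
```

Only the third configuration rejects the token, which is why rotation has to include invalidating the old key.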

Subsequent attacks observed in August 2024 chained CosmicSting to CNEXT (CVE-2024-2961), a vulnerability in the iconv library in the GNU C library (aka glibc), to achieve remote code execution.

“CosmicSting (CVE-2024-34102) allows arbitrary file reading on unpatched systems. When combined with CNEXT (CVE-2024-2961), threat actors could advance to remote code execution, taking over the entire system,” Sansec noted.

The ultimate goal of the compromises is to establish persistent, covert access to the host via GSocket and to insert rogue scripts that allow the execution of arbitrary JavaScript received from the attacker in order to steal payment data entered by users on the sites.


Recent findings show that several companies, including Ray-Ban, National Geographic, Cisco, Whirlpool and Segway, have fallen victim to CosmicSting attacks, with at least seven separate groups involved in the exploitation effort:

  • Beaver group, which uses whitespace encoding to hide code that executes a payment skimmer hosted on a remote server
  • The Polevyka group, which uses an injection from cdnstatics.net/lib.js
  • Groundhog group, which uses XOR encoding to hide JavaScript code
  • Chipmunks group, which retrieves dynamic skimmer code from a WebSocket at wss://jgueurystatic(.)xyz:8101
  • Ondatry group, which uses JavaScript loader malware to inject fake payment forms that mimic the legitimate forms used on merchant sites
  • Hamster group, which exfiltrates payment information to domains that include a 2-digit URI (“rextension(.)net/za/”)
  • Group Maybe, which uses CosmicSting with CNEXT to install backdoors and skimmer malware
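For store owners who want to check stored HTML for the hosts named in this list, here is an added example (not from the article or from Sansec) that parses a block of HTML, extracts every URL in script, link and event-handler positions, and matches the hostnames against the three indicators above. The function names and the sample blocks are constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators exactly as the article lists them (defanged forms included).
PUBLISHED = ["cdnstatics.net/lib.js", "wss://jgueurystatic(.)xyz:8101", "rextension(.)net/za/"]
URL_RE = re.compile(r"""(?:(?:https?|wss?):)?//[^\s"'<>()]+""", re.I)

def host_of(url):
    """Refang a URL and return its lower-cased hostname, or None if unparsable."""
    url = url.replace("(.)", ".").replace("[.]", ".")
    try:
        return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower() or None
    except ValueError:
        return None

INDICATOR_HOSTS = {host_of(u) for u in PUBLISHED}

class ScriptRefs(HTMLParser):
    """Collect src/href/on* attribute values and inline <script> bodies."""
    def __init__(self):
        super().__init__()
        self.fragments, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        self.fragments += [v for k, v in attrs if v and (k in ("src", "href") or k.startswith("on"))]
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.fragments.append(data)

def is_indicator(host):
    return bool(host) and any(host == h or host.endswith("." + h) for h in INDICATOR_HOSTS)

def scan(html):
    """Return (host, url) pairs in one stored HTML block that match an indicator."""
    parser = ScriptRefs()
    parser.feed(html)
    parser.close()
    urls = [u for frag in parser.fragments for u in URL_RE.findall(frag)]
    return [(host_of(u), u) for u in urls if is_indicator(host_of(u))]

SAMPLES = {  # constructed block contents for the demo, not captured from a real store
    "footer": '<p>Shipping</p><script src="https://cdn.example.com/menu.js"></script>',
    "promo": '<div>Sale</div><script src="//cdnstatics.net/lib.js"></script>',
    "notice": "<script>var s = new WebSocket('wss://jgueurystatic.xyz:8101');</script>",
}
FLAGGED = {name: scan(html) for name, html in SAMPLES.items() if scan(html)}
```

A clean result from host matching does not clear a store: the groups described as using whitespace or XOR encoding hide their code in ways this check will not see.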

“Sellers are strongly encouraged to upgrade to the latest version of Magento or Adobe Commerce,” Sansec said. “They must also change the encryption secrets and make sure that the old keys are invalidated.”
