Adobe Commerce and Magento Stores Under Attack by CosmicSting Exploit


October 2, 2024Ravi LakshmananVulnerability / data breach


Cybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been compromised by attackers exploiting a security vulnerability dubbed CosmicSting.

Tracked as CVE-2024-34102 (CVSS score: 9.8), the critical flaw is an improper restriction of XML external entity reference (XXE) vulnerability that could lead to remote code execution. The flaw, credited to a researcher named “space wasp,” was patched by Adobe in June 2024.

Dutch security firm Sansec has described CosmicSting as “the worst bug to hit Magento and Adobe Commerce stores in the last two years.”


The flaw has since come under widespread exploitation, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog in mid-July 2024.

Some of these attacks involve weaponizing the flaw to steal Magento’s private encryption key, which is then used to generate JSON Web Tokens (JWTs) with full administrative access to the API. Threat actors have then been observed taking advantage of the Magento REST API to inject malicious scripts.


It also means that applying the latest patch is not enough to protect against the attack: a key stolen before patching remains valid afterwards, so site owners must also rotate the encryption keys.
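Why the patch alone does not help once the key has leaked, as an added example that is not part of the original article and is not Magento code. It assumes a generic HS256 JWT checked against a list of accepted keys; the keys, claim names and timestamp are constructed.

```python
import base64
import hashlib
import hmac
import json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT (generic format, not Magento's exact claims)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify_hs256(token: str, accepted_keys, now: int):
    """Return the claims if a currently accepted key signed the token, else None."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        mac = _unb64(sig)
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or exp <= now:
        return None
    signed = f"{head}.{body}".encode()
    for key in accepted_keys:
        if hmac.compare_digest(hmac.new(key, signed, hashlib.sha256).digest(), mac):
            return claims
    return None

# Constructed sample values: neither the keys nor the claims come from a real store.
OLD_KEY = b"constructed-old-key-exposed-before-patching"
NEW_KEY = b"constructed-new-key-generated-after-patching"
NOW = 1_727_827_200
token = sign_hs256({"sub": "admin-api", "exp": NOW + 3600}, OLD_KEY)

def accepted_under(key_ring) -> bool:
    return verify_hs256(token, key_ring, NOW) is not None

patched_only = accepted_under([OLD_KEY])               # patch applied, key unchanged
rotated_old_kept = accepted_under([NEW_KEY, OLD_KEY])  # new key added, old still trusted
rotated_old_revoked = accepted_under([NEW_KEY])        # old key invalidated
```

Only the last key ring rejects a token signed with the exposed key, which is why rotation has to be paired with invalidating the old key.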

Subsequent attacks observed in August 2024 chained CosmicSting to CNEXT (CVE-2024-2961), a vulnerability in the iconv library in the GNU C library (aka glibc), to achieve remote code execution.

“CosmicSting (CVE-2024-34102) allows arbitrary file reading on unpatched systems. When combined with CNEXT (CVE-2024-2961), threat actors could advance to remote code execution, taking over the entire system,” Sansec noted.

The ultimate goal of the compromises is to establish persistent, covert access to the host via GSocket and to insert rogue scripts that execute arbitrary JavaScript received from the attacker in order to steal payment data entered by users on the sites.


Recent findings show that several companies, including Ray Ban, National Geographic, Cisco, Whirlpool and Segway, have fallen victim to CosmicSting attacks, with at least seven separate groups involved in the exploitation effort:

  • Beaver group, which uses whitespace encoding to hide code that executes a payment skimmer hosted on a remote server
  • The Polevyka group, which uses an injection from cdnstatics.net/lib.js
  • Groundhog group, which uses XOR encoding to hide JavaScript code
  • Chipmunks group, which retrieves dynamic skimmer code from a WebSocket at wss://jgueurystatic(.)xyz:8101
  • Ondatry group, which uses JavaScript loader malware to inject fake payment forms that mimic the legitimate forms used on merchant sites
  • Hamster group, which sends payment information to domains that include a 2-character URI (“rextension(.)net/za/”)
  • Group Maybe, which uses CosmicSting with CNEXT to install backdoors and skimmer malware
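One way to review stored storefront content (CMS blocks, header and footer HTML) against the hosts named in this list, as an added example that is not from the article or from Sansec. The indicator strings are copied from the list as printed; `shop.example`, `widgets.example` and the sample blocks are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators exactly as printed in the list above (two are defanged there).
ARTICLE_INDICATORS = ["cdnstatics.net/lib.js", "wss://jgueurystatic(.)xyz:8101",
                      "rextension(.)net/za/"]
URL_RE = re.compile(r"(?:(?:https?|wss?):)?//[^\s\"'<>)]+", re.I)

def indicator_hosts(indicators=ARTICLE_INDICATORS):
    """Refang each indicator and reduce it to a hostname."""
    refanged = (i.replace("(.)", ".") for i in indicators)
    return {urlsplit(i if "//" in i else "//" + i).hostname for i in refanged}

class ScriptUrls(HTMLParser):
    """Collect <script src> values and URLs found in inline script bodies."""
    def __init__(self):
        super().__init__()
        self.in_script, self.urls = False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        if self.in_script:
            self.urls += [v for k, v in attrs if k == "src" and v]
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.urls += URL_RE.findall(data)

def scan_block(html, own_hosts):
    """Return (verdict, host) for each script URL that is not first-party."""
    parser, bad, findings = ScriptUrls(), indicator_hosts(), []
    parser.feed(html)
    parser.close()
    for url in parser.urls:
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL in stored content
            continue
        if host is None or host in own_hosts:
            continue  # relative path or the store's own domain
        known = any(host == b or host.endswith("." + b) for b in bad)
        findings.append(("known-indicator" if known else "unreviewed-host", host))
    return findings

# Constructed CMS blocks; shop.example and widgets.example are placeholders.
SAMPLES = {"injected": '<script src="https://cdnstatics.net/lib.js"></script>',
           "widget": '<script src="//widgets.example/chat.js"></script>'}
RESULTS = {name: scan_block(html, {"shop.example"}) for name, html in SAMPLES.items()}
```

Host matching will not catch the whitespace-encoded or XOR-encoded loaders described for the first and third groups, so any `unreviewed-host` finding or unexpected inline script in stored content still needs manual review.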

“Sellers are strongly encouraged to upgrade to the latest version of Magento or Adobe Commerce,” Sansec said. “They must also change the encryption secrets and make sure that the old keys are invalidated.”
