Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

Website security company Sansec has been tracking the attacks since June 2024 and observed 4,275 stores breached in CosmicSting attacks, high-profile victims including Whirlpool, Ray-Ban, National Geographic,  Segway, and Cisco, which BleepingComputer reported last month. The researchers are now tracking seven different threat groups that employ CosmicSting to compromise unpatched sites, named "Bobry," "Polyovki," "Surki," "Burunduki," "Ondatry," "Khomyaki," and "Belki." These groups are considered financially motivated opportunists, breaching the sites to steal credit card and customer information. The threat actors are leveraging CosmicSting to steal Magento cryptographic keys, inject payment skimmers to steal cards from order checkout webpages, and even fight each other for control over vulnerable stores. Adobe Commerce and Magento online stores are being targeted in "CosmicSting" attacks at an alarming rate, with threat actors hacking approximately 5% of all stores. Sansec told BleepingComputer that it has warned many of the sites, including Ray-Ban, Whirlpool, National Geographic, and Segway, about these attacks multiple times but has not heard back from any of them. Sansec founder Willem de Groot says that Segway and Whirlpool appear to be fixed and BleepingComputer could not find the malicious code on Ray-Ban's site, indicating it may be fixed as well. The CosmicSting vulnerability (CVE-2024-32102) is a critical severity information disclosure flaw; when chained with CVE-2024-2961, a security issue in glibc's iconv function, an attacker can achieve remote code execution on the target server. Sansec says that multiple threat actors are now conducting attacks as patching speed is not matching the critical nature of the situation. "Sansec projects that more stores will get hacked in the coming months, as 75% of the Adobe Commerce & Magento install base hadn't patched when the automated scanning for secret encryption keys started," warns Sansec. Ondatry was using the "TrojanOrder" flaw in 2022 but has now moved to CosmicSting, which goes to show how some threat actors specialize in the space and continually look for opportunities in easily exploitable critical vulnerabilities. The Polyovki threat actors use 'cdnstatics[.]net' to appear as if the scripts are for website analytics, as shown in the compromise of Ray-Ban's online store. Sansec has provided a tool to check if their site is vulnerable and an "emergency hotfix" has been released to block most CosmicSting attacks, with both available here.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 03 Oct 2024 17:20:22 +0000


Cyber News related to Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

Thousands of Adobe Commerce e-stores hacked by exploiting CosmicSting bug - Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months. Over ...
2 months ago Securityaffairs.com
Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks - Website security company Sansec has been tracking the attacks since June 2024 and observed 4,275 stores breached in CosmicSting attacks, high-profile victims including Whirlpool, Ray-Ban, National Geographic,  Segway, and Cisco, which ...
2 months ago Bleepingcomputer.com
Revolutionizing Commerce With AI - Picture a future where commerce is not just an exchange of goods and services but an intricate relationship of data, insights, and artificial intelligence. The AI revolution in commerce is redefining how we approach buying, selling, and market ...
11 months ago Feeds.dzone.com
E-commerce Security: Protecting Customer Data - In today's digital landscape, ensuring the security of customer data in e-commerce is a crucial concern for businesses. Protecting e-commerce data security is a complex task that requires a comprehensive understanding of the challenges faced by ...
10 months ago Securityzap.com
Vendors Actively Bypass Year-Old Magento Vulnerability: Security Patch Issues - Vendors are actively bypassing the security patch for a year-old Magento vulnerability, a new research shows. The Magento platform is an open-source eCommerce solution widely used by merchants to create custom stores on the internet. In April 2020, ...
1 year ago Securityweek.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
US SEC's X account hacked to announce fake Bitcoin ETF approval - The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. The announcement came this afternoon in a now-deleted tweet from the SEC's hacked X ...
11 months ago Bleepingcomputer.com
Avast researchers detect a surge in fake e-shops following holidays - We kick off the new year with expectations of sales, but beware: a dangerous wave of fake e-shops is spreading on the internet. As the festive season wraps up, a new challenge emerges for online shoppers: the rise of over 4,000 counterfeit e-shops. ...
11 months ago Blog.avast.com
Exploring Blockchain's Revolutionary Impact on E-Commerce - The trend of choosing online shopping over traditional in-store visits is on the rise, with e-commerce transactions dominating the digital landscape. Blockchain technology emerges as a solution to bolster the security of online transactions. ...
1 year ago Cysecurity.news
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
CVE-2009-2988 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. Per: ...
6 years ago
CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
6 years ago
CVE-2009-2986 - Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2981 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. Per: ...
6 years ago
CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
6 years ago
CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2980 - Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2997 - Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2009-2992 - An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors. Per: ...
6 years ago
CVE-2009-2982 - An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unknown vectors. Per: ...
6 years ago
CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
6 years ago
CVE-2009-2985 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. ...
6 years ago
CVE-2009-2979 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. Per: ...
6 years ago
CVE-2009-2993 - The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)