Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 unpatched Adobe Commerce and Magento e-stores over the past three months. According to Sansec, CosmicSting is the most severe bug impacting Magento and Adobe Commerce stores in two years, with hacks occurring at a rate of 3 to 5 per hour.

“Despite ongoing warnings, five percent of all Adobe Commerce and Magento stores ended up with a payment skimmer on their checkout page this summer,” reports Sansec. The exploitation has a severe impact on e-commerce: the researchers reported that cybercriminals have hacked 5% of all Adobe Commerce and Magento stores this summer.

“CosmicSting targets a critical bug in the Adobe Commerce and Magento platforms.” Sansec experts reported that at least seven distinct groups are exploiting the CosmicSting vulnerability to deploy e-skimmers on victim stores. Adobe warned that it is aware that CVE-2024-34102 has been exploited in the wild in limited attacks targeting Adobe Commerce merchants. “Each group uses CosmicSting attacks to steal secret Magento cryptographic keys,” continues Sansec.

“Sansec research shows that seven different groups have been hacking into 4275 online stores since the publication of CVE-2024-34102 (also known as CosmicSting) on June 11th.”
This Cyber News was published on securityaffairs.com. Publication date: Thu, 03 Oct 2024 15:43:06 +0000