{"id":511,"date":"2024-10-04T11:56:31","date_gmt":"2024-10-04T11:56:31","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=511"},"modified":"2024-10-04T11:56:31","modified_gmt":"2024-10-04T11:56:31","slug":"hackers-steal-sensitive-customer-data-from-thousands-of-online-stores-that-use-adobe-tools","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=511","title":{"rendered":"Hackers steal sensitive customer data from thousands of online stores that use Adobe tools"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Distinct groups of cybercriminals have been exploiting the CosmicSting flaw in Adobe\u2019s Commerce and Magento software to steal customers\u2019 payment information.<\/p>\n<p>According to research by Sansec, miscreants have used the flaw, also tracked as CVE-2024-34102, to hack at least 5% of all Adobe Commerce and Magento stores this summer, breaking into thousands of brands using the e-commerce solution, including a clutch of household names.<\/p>\n<p>\u201cSeven distinct groups are using CosmicSting attacks to plant malicious code on victim stores,\u201d Sansec said in a <a href=\"https:\/\/sansec.io\/research\/cosmicsting-fallout\" target=\"_blank\" rel=\"noopener\">blog post<\/a>. \u201cAmong the victims are Ray Ban, National Geographic, Cisco, Whirlpool, and Segway.\u201d<\/p>\n<p>Last week, Adobe <a href=\"https:\/\/experienceleague.adobe.com\/en\/docs\/commerce-knowledge-base\/kb\/troubleshooting\/known-issues-patches-attached\/security-update-available-for-adobe-commerce-apsb24-40-revised-to-include-isolated-patch-for-cve-2024-34102\" target=\"_blank\" rel=\"noopener\">advised<\/a> users to immediately apply a hotfix for the vulnerability as they are aware that the flaw has been exploited in the wild. 
In June, the software giant released an update including the patch as well as an isolated patch for customers to seal the critical security hole.<\/p>\n<h2 class=\"wp-block-heading\">Widely used e-commerce customizing tools<\/h2>\n<p>Magento is an open-source e-commerce platform, launched in 2008, designed to help businesses build and customize online stores with a range of features, including product management, payment gateways, and shipping options.<\/p>\n<p>In 2018 Adobe <a href=\"https:\/\/business.adobe.com\/blog\/the-latest\/magento-is-now-part-of-adobe#:~:text=Is%20Adobe%20Commerce%20the%20same,from%20the%20wider%20Adobe%20community.\">acquired Magento<\/a> to power a fully-managed, cloud-hosted offering within the Adobe Experience Cloud. A version of this offering was later paywalled within a license by Adobe to package a new, larger offering called Adobe Commerce.<\/p>\n<p>Magento is available as a free e-commerce tool for smaller businesses while Adobe Commerce has a license fee, charging a percentage of a business\u2019s annual revenue.<\/p>\n<p>As of 2024, these two platforms together support over 230k active websites globally. Earlier, in June, the Sansec Forensics Team had warned that <a href=\"https:\/\/sansec.io\/research\/cosmicsting-unpatched\" target=\"_blank\" rel=\"noopener\">more than 75%<\/a> of these stores were vulnerable to CosmicSting attacks.<\/p>\n<h2 class=\"wp-block-heading\">CosmicSting attacks pose a serious threat<\/h2>\n<p>In a separate <a href=\"https:\/\/sansec.io\/research\/cosmicsting\" target=\"_blank\" rel=\"noopener\">blog<\/a> explaining the details of the CosmicSting attacks, Sansec said these stores are getting hacked at a rate of 3 to 5 per hour, and merchants need to patch this flaw immediately.<\/p>\n<p>The bug, with a severity rating of CVSS 9.8 out of 10, can be used to read any files, including passwords and other secrets. 
\u201cThe typical attack strategy is to steal your secret crypt key from app\/etc\/env.php and use that to modify your CMS blocks via the Magento API,\u201d Sansec said. \u201cThen, attackers inject malicious JavaScript to steal your customer\u2019s data.\u201d<\/p>\n<p>Combined with another bug (CVE-2024-2961), attackers can also run code directly on customers\u2019 servers and use that to install backdoors, the cybersecurity firm added.<\/p>\n<p>Versions of Magento and Adobe Commerce vulnerable to a CosmicSting attack include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier. Enterprises are advised to immediately patch and apply the hotfix for the flaw.<\/p>\n<p>Also by Shweta Sharma:<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3545654\/over-80-of-phishing-sites-now-target-mobile-devices.html\">Over 80% of phishing sites now target mobile devices<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3544953\/critical-ivanti-flaw-finds-in-the-wild-rce-despite-available-patches.html\">Critical Ivanti flaw exploited despite available patches<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/3543250\/data-of-300k-digidirect-customers-leaked-in-alleged-attack.html\">Data of 300k digiDirect customers leaked in alleged attack<br \/><\/a><\/p><\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Distinct groups of cybercriminals have been exploiting the CosmicSting flaw in Adobe\u2019s Commerce and Magento software to steal customers\u2019 payment information. 
According to research by Sansec, miscreants have used the flaw, also tracked as CVE-2024-34102, to hack at least 5% of all Adobe Commerce and Magento stores this summer, breaking into thousands of brands using [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":496,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-511","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/511"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=511"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/511\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/496"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}