Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

October 2, 2024 at 09:03AM

Cybersecurity researchers have revealed that 5% of Adobe Commerce and Magento stores were hacked using a vulnerability named CosmicSting (CVE-2024-34102), allowing remote code execution. The flaw was patched by Adobe in June 2024 but is being widely exploited. Several companies have been affected, with various groups utilizing the exploit for malicious activities. Merchants are urged to upgrade and take security measures.

The meeting notes from Oct 02, 2024 report a critical security vulnerability named CosmicSting (CVE-2024-34102) affecting Adobe Commerce and Magento stores. The flaw is an improper restriction of XML external entity reference (XXE) that allows remote code execution. E-commerce sites are being compromised at an alarming rate, with reports of three to five compromises per hour.

The exploitation of this vulnerability allows threat actors to steal encryption keys and manipulate Magento’s REST API to inject malicious scripts. Furthermore, subsequent attacks have combined CosmicSting with another vulnerability (CNEXT, CVE-2024-2961) to achieve remote code execution and establish persistent, covert access on hosts.

Notably, several well-known companies such as Ray-Ban, National Geographic, Cisco, Whirlpool, and Segway have already fallen victim to CosmicSting attacks. To make matters worse, at least seven distinct groups are involved in the exploitation efforts, each using different methods to compromise the affected sites and exfiltrate payment information.

Sansec, a Dutch security firm, has strongly advised merchants to upgrade to the latest version of Magento or Adobe Commerce, rotate secret encryption keys, and invalidate old keys to protect against these attacks. It is crucial for site owners to take immediate action to secure their systems and customer data from these malicious activities.

Furthermore, it is recommended to follow the official social media channels of relevant security organizations and stay updated on the latest security alerts and best practices for defending against cyber threats.