Hackers inject malicious JS in Cisco store to steal credit cards, credentials

September 4, 2024 at 11:53AM

Cisco’s online merchandise store is currently offline and undergoing maintenance after it was compromised with malicious JavaScript code that steals sensitive customer details during the checkout process. The attack appears to have exploited the CosmicSting vulnerability, affecting the store’s ability to process transactions and potentially compromising customer data. Cisco has not yet responded to inquiries about the incident.

Key takeaways:

1. Cisco’s merchandise store website is currently offline and under maintenance due to a compromise with JavaScript code that is stealing sensitive customer details during the checkout process.

2. The malicious JavaScript is heavily obfuscated and was delivered from the domain “rextension.[net]”, which was registered just two days before the attack was discovered.

3. The compromised JavaScript is designed to steal credit card details and other sensitive information such as postal addresses, phone numbers, email addresses, and user login credentials.

4. The attack appears to exploit the CosmicSting vulnerability (CVE-2024-34102), a critical-severity security issue affecting the Adobe Commerce (Magento) shopping platform that enables attackers to read private data.

5. The attack could potentially allow the attackers to harvest Cisco employee credentials.

6. Researchers believe that the malicious JavaScript was injected into Cisco’s store using the CosmicSting vulnerability.

7. It has been noted that the Cisco merchandise store is likely used primarily by employees who purchase the merchandise for themselves or as gifts.
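
Item 2 describes a script loaded from a recently registered third-party domain. The audit below is an added example, not code from the article or from Cisco: it lists external scripts on a checkout page that are off an allowlist, lack Subresource Integrity, or come from a young domain. The `.example` hosts, the 30-day threshold and the registration-age table (which would come from a WHOIS/RDAP lookup done elsewhere) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.scripts = []  # attribute dicts of every <script src=...>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append(a)


def audit_scripts(html, page_url, allowlist, domain_age_days, min_age_days=30):
    """Return (host, reasons) for each external script that needs review."""
    collector = _ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for attrs in collector.scripts:
        # urljoin resolves relative and protocol-relative (//host/...) sources.
        host = urlparse(urljoin(page_url, attrs["src"])).hostname
        if host is None or host == page_host:
            continue  # first-party script; out of scope for this check
        reasons = []
        # Match the exact host or a true subdomain, never a bare suffix.
        if not any(host == d or host.endswith("." + d) for d in allowlist):
            reasons.append("host not on allowlist")
        if not attrs.get("integrity"):
            reasons.append("no SRI integrity attribute")
        age = domain_age_days.get(host)  # hypothetical lookup keyed by host
        if age is not None and age < min_age_days:
            reasons.append(f"domain registered {age} days ago")
        if reasons:
            findings.append((host, reasons))
    return findings


# Constructed sample: one first-party, one approved and one unknown script.
SAMPLE_HTML = """
<script src="/static/checkout.js"></script>
<script src="https://cdn.payments.example/sdk.js" integrity="sha384-CONSTRUCTED"></script>
<script src="//stats.newly-registered.example/a.js"></script>
"""
SAMPLE_AGES = {"stats.newly-registered.example": 2}  # constructed data
```

Running `audit_scripts(SAMPLE_HTML, "https://shop.example/checkout", {"payments.example"}, SAMPLE_AGES)` reports only the third script, with all three reasons.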
