Big names among thousands infected by payment-card-stealing CosmicSting crooks

October 3, 2024 at 11:49PM

The web stores of numerous well-known brands, including Ray-Ban and National Geographic, were targeted by criminals exploiting the CosmicSting flaw in Adobe’s Commerce and Magento software. The vulnerability, CVE-2024-34102, allowed attackers to steal shoppers’ payment card information. At least seven cybercrime gangs exploited the flaw, despite Adobe’s patch. Multiple groups are fighting for control over the same stores, leading to continued threats.

The CosmicSting vulnerability has had a serious impact on web stores using Adobe’s Commerce and Magento software. Criminals have been exploiting it to steal payment card information and other sensitive data from online shoppers. At least seven cybercrime groups are involved in ongoing attacks, impacting a significant number of online merchants. The vulnerability, rated 9.8 out of 10 on the CVSS scale, can be exploited to alter webpages, steal data, and even achieve remote code execution.

Despite Adobe’s patching efforts, the attacks had already begun by the time the fix was released, leading to persistent access and control issues on compromised sites. The nature of the vulnerability also allows multiple criminal groups to fight for control over the same store, leading to ongoing incidents and expected future attacks.

Given the severity and widespread nature of these attacks, it is crucial for affected merchants to take proactive measures to address any potential vulnerabilities and to stay informed about the evolving threat landscape. The attacks pose a significant risk to the security and integrity of online shopping sites, and vigilance is necessary to mitigate the impact of the CosmicSting vulnerability.
