Big names among thousands infected by payment-card-stealing CosmicSting crooks

October 3, 2024 at 11:49PM Numerous well-known brands’ web stores, including Ray-Ban and National Geographic, were targeted by criminals using the CosmicSting flaw in Adobe’s Commerce and Magento software. The vulnerability, CVE-2024-34102, allowed the theft of shopper payment card information. At least seven cybercrime gangs exploited the flaw, despite Adobe’s patch. Multiple groups are fighting for control …

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

October 3, 2024 at 01:20PM Adobe Commerce and Magento online stores are under threat from CosmicSting attacks, leading to approximately 5% of stores being hacked. Vulnerability CVE-2024-34102 enables remote code execution and impacts various Adobe Commerce and Magento versions. Sansec reported 4,275 breached stores, with upcoming attacks projected due to slow patching response. Multiple threat …

Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

October 2, 2024 at 09:03AM Cybersecurity researchers have revealed that 5% of Adobe Commerce and Magento stores were hacked using a vulnerability named CosmicSting (CVE-2024-34102), allowing remote code execution. The flaw was patched by Adobe in June 2024 but is being widely exploited. Several companies have been affected, with various groups utilizing the exploit for …

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

June 20, 2024 at 05:32PM A critical vulnerability, “CosmicSting” (CVE-2024-34102), affecting Adobe Commerce and Magento websites, poses a major security threat. Despite a security update being available, the majority of impacted sites remain unpatched, leaving them open to severe attacks. Administrators are urged to apply the recommended fixes immediately, with specific versions provided. For those …

Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products

April 9, 2024 at 01:42PM Adobe issued urgent security updates for its enterprise products, including Adobe Commerce and Magento Open Source, to address code execution vulnerabilities that hackers could exploit. The company also fixed security flaws in Adobe Experience Manager, Adobe Media Encoder, Adobe After Effects, Adobe Photoshop, Adobe InDesign, and Adobe Animate through Patch …

Magento Vulnerability Exploited to Deploy Persistent Backdoor

April 5, 2024 at 07:06AM Sansec reports exploitation of CVE-2024-20720 in Magento, allowing backdoor injection. Adobe patched it in Feb 2024, but unpatched websites remain vulnerable. Threat actors exploit it by injecting XML code. Attackers use the layout parser and the assert package for system command execution. Backdoor is periodically reinfected for remote code execution and payment data …

Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software

February 13, 2024 at 01:03PM Adobe released patches for 30 security vulnerabilities in various products, including Adobe Acrobat, Reader, and Magento Open Source, among others. Users are at risk of code execution, security feature bypass, and denial-of-service attacks. The urgent patches address critical flaws and code execution bugs, with Adobe’s assurance of no known exploits …