CosmicSting Exploit Targets Adobe Commerce and Magento Stores

 

In the summer of 2013, cybercriminals gained access to 5% of all Adobe Commerce and Magento stores worldwide. Large international brands have fallen victim to this attack and are among the victims. The CosmicSting attack is being conducted by seven different groups that plant malicious code on the machines of their victims. 
A new bug, dubbed CosmicSting (CVE-2024-34102), has attacked Magento and Adobe Commerce users in the past two years, causing the stores to crash. A Sansec analysis of its data has found that 3 to 5 hacks are occurring per hour in the stores. Merchants should implement these countermeasures as soon as possible to prevent this from happening to them.
In recent months, CosmicSting attacks have been affecting a large number of Adobe Commerce and Magento websites, with about five of every ten online stores being compromised by these attacks. A CosmicSting vulnerability (CVE-2024-32102) is a critical information exposure vulnerability that can be exploited remotely when combined with another vulnerability in glibc (CVE-2024-2961) that can lead to remote law enforcement. 
A vulnerability has been found within several Adobe Commerce, Magento Open Source, and Adobe Commerce Webhooks plugins that have the potential to affect their performance. The website security association Sansec reports that over 4,275 web security breaches have been reported on the web since

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: