New interactive video – and related downloads – to help secondary school kids stay safe online

Hackers Exploit CosmicSting Flaw to Hack 1000+ Adobe Commerce & Magento Stores
Adobe Commerce (formerly known as Magento) is a robust e-commerce platform owned by Adobe that provides flexible and scalable solutions for both B2B and B2C businesses.
It offers features like “advanced customization,” “integrated analytics,” and “cloud-based hosting” via “Adobe Commerce Cloud.”
Sansec research analysts recently discovered that threat actors have been actively exploiting the CosmicSting vulnerability to hack thousands of Adobe Commerce (aka Magento) stores.
A critical security vulnerability known as “CosmicSting”, tracked as CVE-2024-34102, has enabled seven distinct hacker groups to compromise 4275 Adobe Commerce and Magento e-commerce platforms since June 11, 2024.
The vulnerability specifically targeted the cryptographic key system of the platforms.
This enabled threat actors to generate “unauthorized API authorization tokens,” which gave them access to inject malicious code called “payment skimmers” into store checkout pages via “CMS blocks.”
Despite Adobe releasing a security patch on July 8th with a critical severity rating, approximately “5% of all stores were affected.”
This happened because the update did not automatically invalidate existing cryptographic keys, which left merchants vulnerable unless they manually removed old keys.
The attack groups were identified as:
Bobry (using whitespace encoding)
Polyovki (utilizing cdnstatics.net)
Surki (employing 42-based encryption)
Burunduki (implementing websocket sniffers)
Ondatry (targeting MultiSafePay payment systems)
The operators of these groups employed various sophisticated techniques like “malware loaders,” “custom obfuscation methods,” and “data exfiltration” via compromised “proxy stores” to steal sensitive customer payment information from affected merchants, Sansec said.
The 2024 CosmicSting cyber attack campaign has emerged as a significant threat targeting vulnerable e-commerce platforms through sophisticated “encryption key” exploitation techniques.
Multiple threat actors like “Group Khomyaki” (utilizing two-letter JSC malware loader endpoints with 2-character URIs), “Group Belki” (deploying Remote Code Execution via exploit combinations with CNEXT), and the “Surki group” (known for skimming malware injection) are actively exploiting unpatched systems.
The attackers’ methodology involves extracting secret encryption keys via “automated scanning,” which helps them establish backdoors in “system files” and “background processes”.
Apart from this, deploying the “CosmicSting malware” enables unauthorized server access and code execution.
Approximately 75% of Adobe Commerce and Magento installations remained unpatched when the automated encryption key scanning began.
To mitigate these threats, merchants are strongly advised to implement three critical security measures:
Upgrade to the latest version of their e-commerce platform.
Rotate and invalidate old encryption keys.
Deploy server-side malware and vulnerability monitoring solutions.
The post Hackers Exploit CosmicSting Flaw to Hack 1000+ Adobe Commerce & Magento Stores appeared first on Cyber Security News.
Google Chrome Zero-day Exploited in the Wild: Patch Now!
Google has released urgent updates to fix a high-severity Chrome zero-day vulnerability that has been widely exploited and could lead to software crashes or arbitrary code execution.
To address the actively exploited zero-day vulnerability, the stable channel will be updated to 120.0.6099.129 for Mac and Linux and 120.0.6099.129/130 for Windows. The update will roll out over the coming days and weeks.
CVE-2023-7024 is described as a heap-based buffer overflow flaw in the WebRTC framework that might be exploited to cause software crashes or arbitrary code execution.
“Google is aware that an exploit for CVE-2023-7024 exists in the wild”, Google said.
The issue was found and reported by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG).
Yesterday @_clem1 and @vladhiewsha discovered and reported a new ITW 0-day to the Chrome team. TODAY, 1 day later, Chrome has a fix out to protect users!!! Thank you, Chrome! CVE-2023-7024 https://t.co/2tkx0Zc9pf
— Maddie Stone (@maddiestone) December 20, 2023
Google withheld information regarding the attacks that made use of the vulnerability in the wild.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google reports.
With the release of this update, Chrome’s eighth actively exploited zero-day since the year’s beginning has been patched. The others are as follows:
CVE-2023-2033 – Type Confusion in V8
CVE-2023-2136 – Integer overflow in the Skia graphics library
CVE-2023-3079 – Type Confusion in V8
CVE-2023-4863 – Heap buffer overflow in WebP
CVE-2023-5217 – Heap buffer overflow in vp8 encoding in libvpx
CVE-2023-6345 – Integer overflow in Skia graphics library
CVE-2023-4762 – Type Confusion in V8
Google strongly recommends that users update their Chrome web browser immediately to prevent exploitation. To update Chrome, follow these steps:
Go to the Settings option.
Select About Chrome.
Wait, as Chrome will automatically fetch and download the latest update.
Then wait for the latest version to be installed.
Once the installation process completes, you have to restart Chrome.
Now you are done.
The post Google Chrome Zero-day Exploited in the Wild: Patch Now! appeared first on Cyber Security News.
Cyber Security News
Worries about potential conflict between China and Taiwan prompt new legislation.
Major Tech companies face EU probes over new regulations.
The CyberWire