Wednesday, July 23, 2025
Law And Order News
  • Home
  • Law and Legal
  • Military and Defense
  • International Conflict
  • Crimes
  • Constitution
  • Cyber Crimes
No Result
View All Result
  • Home
  • Law and Legal
  • Military and Defense
  • International Conflict
  • Crimes
  • Constitution
  • Cyber Crimes
No Result
View All Result
Law And Order News
No Result
View All Result
Home Cyber Crimes

Cisco merch shoppers stung in CosmicSting attack

Cisco merch shoppers stung in CosmicSting attack


Dangerous information for anybody who bought a Cisco hoodie earlier this month: Suspected Russia-based attackers injected data-stealing JavaScript into the networking large’s on-line retailer promoting Cisco-branded merch.

Cisco has since mounted the difficulty attributable to a flaw in Adobe’s Magento platform, which may have allowed crooks to steal consumers’ bank card particulars and different delicate data at checkout.

“A Cisco-branded merchandise web site that is hosted and administered by a third-party provider was briefly taken offline whereas a safety subject was addressed,” a Cisco spokesperson instructed The Register. 

“Primarily based on our investigation, the difficulty impacted solely a restricted variety of web site customers, and people customers have been notified,” the spokesperson mentioned. “No credentials have been compromised.”

On this explicit case, the unknown attacker(s) reportedly exploited CVE-2024-34102, a important, 9.8-rated vulnerability in Adobe Magento software program, broadly utilized by eCommerce web sites and a favourite goal for thieves seeking to intercept and steal transaction knowledge from unsuspecting customers. These kind of Magento-targeting exploits are collectively referred to as Magecart assaults.

CVE-2024-34102, which places unpatched techniques vulnerable to XML exterior entity injection (XXE) and distant code execution (RCE), was noticed by researcher Sergey Temnikov, who claims he reported the difficulty to Adobe and acquired a $9,000 bug bounty for this discover.

Adobe patched the flaw on June 11, however per week later, eCommerce monitoring agency Sansec reported that solely 25 p.c of shops had upgraded their software program. In the meantime, criminals automated the assault to scale to hundreds of web sites, and a number of proof-of-concept exploits popped up on GitHub and elsewhere.

It seems Cisco’s merchandise retailer was one among these unpatched websites, and on the time of the assault was working Magento 2.4 (Enterprise).

In keeping with c/aspect researchers who analyzed the malicious JS code, it was hosted on a site with a Russia-based IP deal with. The area, rextension[.]web/za/, was registered on August 30.

“The area’s current registration raises pink flags because it may point out a fly-by-night operation designed for fast exploitation earlier than being deserted,” c/aspect’s Himanshu Anand famous. 

“Obfuscated scripts like these are troublesome to detect with out specialised monitoring, making them particularly harmful for each web site house owners and their clients,” he added. ®



Source link

Tags: attackCiscoCosmicStingmerchshoppersstung
Previous Post

Cybercrime Magazine YouTube Channel Exceeds 100,000 Subscribers

Next Post

Senate Should Continue to Confirm Judges to Prevent September Slippage | ACS

Related Posts

Who's Protecting Gamers From Cyberattacks
Cyber Crimes

Who's Protecting Gamers From Cyberattacks

July 23, 2025
Warnings issued as hackers actively exploit critical zero-day in Microsoft SharePoint
Cyber Crimes

Warnings issued as hackers actively exploit critical zero-day in Microsoft SharePoint

July 21, 2025
Cybersecurity Growth Stocks In The Second Half Of 2025
Cyber Crimes

Cybersecurity Growth Stocks In The Second Half Of 2025

July 20, 2025
Russian vodka producer reports disruptions after ransomware attack
Cyber Crimes

Russian vodka producer reports disruptions after ransomware attack

July 18, 2025
Scott Schober: Video Game Pirate Turned Cybersecurity Expert, Inventor, and Author
Cyber Crimes

Scott Schober: Video Game Pirate Turned Cybersecurity Expert, Inventor, and Author

July 17, 2025
Piracy sites for Nintendo Switch, PS4 games taken down by FBI
Cyber Crimes

Piracy sites for Nintendo Switch, PS4 games taken down by FBI

July 15, 2025
Next Post
Senate Should Continue to Confirm Judges to Prevent September Slippage | ACS

Senate Should Continue to Confirm Judges to Prevent September Slippage | ACS

3-year-old girl dies after being left inside a car with her mother in Anaheim

3-year-old girl dies after being left inside a car with her mother in Anaheim

  • Trending
  • Comments
  • Latest
Justices take up disputes over terrorism damages suits and habeas filings – SCOTUSblog

Justices take up disputes over terrorism damages suits and habeas filings – SCOTUSblog

December 8, 2024
At Least Two Volunteer Church Staff Members Shot An Active Shooter and Stopped the Attack at Sunday Church Service

At Least Two Volunteer Church Staff Members Shot An Active Shooter and Stopped the Attack at Sunday Church Service

June 24, 2025
The Major Supreme Court Cases of 2024

The Major Supreme Court Cases of 2024

June 5, 2024
Allies struggle to work with US military in space operations, GAO finds

Allies struggle to work with US military in space operations, GAO finds

July 11, 2025
How Long Before Criminals Start Attacking Cops With Drones? | Crime in America.Net

How Long Before Criminals Start Attacking Cops With Drones? | Crime in America.Net

July 1, 2025
What are RAR days and do they work?

What are RAR days and do they work?

May 9, 2025
Who's Protecting Gamers From Cyberattacks

Who's Protecting Gamers From Cyberattacks

July 23, 2025
Supreme Court dismisses cable operator’s civil appeal against TDSAT order in favour of Zee – India Legal

Supreme Court dismisses cable operator’s civil appeal against TDSAT order in favour of Zee – India Legal

July 23, 2025
People recalled on IPP spend longer in prison

People recalled on IPP spend longer in prison

July 23, 2025
Musings on the Supreme Court’s Handling of its Emergency (“Shadow”) Docket, and Other, Related Procedural Shortcomings in the Court’s Work in the 2024-25 Term

Musings on the Supreme Court’s Handling of its Emergency (“Shadow”) Docket, and Other, Related Procedural Shortcomings in the Court’s Work in the 2024-25 Term

July 23, 2025
Man shot 8-year-old during road rage incident on Near South Side: officials

Man shot 8-year-old during road rage incident on Near South Side: officials

July 23, 2025
Top Biglaw Firm To Open An Office In Silicon Valley – Above the Law

Top Biglaw Firm To Open An Office In Silicon Valley – Above the Law

July 22, 2025
Law And Order News

Stay informed with Law and Order News, your go-to source for the latest updates and in-depth analysis on legal, law enforcement, and criminal justice topics. Join our engaged community of professionals and enthusiasts.

  • About Founder
  • About Us
  • Advertise With Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact Us

Copyright © 2024 Law And Order News.
Law And Order News is not responsible for the content of external sites.

No Result
View All Result
  • Home
  • Law and Legal
  • Military and Defense
  • International Conflict
  • Crimes
  • Constitution
  • Cyber Crimes

Copyright © 2024 Law And Order News.
Law And Order News is not responsible for the content of external sites.