Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
Cisco temporarily closed its online store with branded products after malicious code was discovered there that stole user data during the checkout stage. A store selling clothing and accessories with the company's logo was attacked in which attackers were able to inject JavaScript that collects sensitive data.
It is not known exactly how the malicious code got to the site, but researchers who wished to remain anonymous believe that the attack was carried out using the CosmicSting vulnerability (CVE-2024-34102), which affects the Adobe Commerce (Magento) platform. This vulnerability allows attackers to inject code into CMS blocks that process the checkout process.
Cisco stores in the United States, Europe, as well as the Asia-Pacific region, including Japan and China, were unavailable at the time of writing. The malicious code was distributed from a domain registered just two days before the problem became known to the public. This suggests that the attack took place during the past weekend (August 31 – September 1).
Experts found that hidden JavaScript collects all the information entered by users at the purchase stage, including credit card details, postal addresses, phone numbers, email addresses, and user credentials.
Researchers believe that CosmicSting poses a serious threat because the vulnerability allows the reading of proprietary information through an attack on external XML entities. The main goal of the attackers was to inject malicious code into the HTML or JavaScript blocks displayed at order completion.
Although the Cisco Store is primarily used by the company's employees to buy souvenirs and gifts, the embedded code could also compromise their accounts. However, according to a Cisco spokesperson, no data of the company's employees was lost.
Cisco has notified a limited number of users whose data may have been affected. At the moment, the site remains inaccessible, and the company continues to find out the circumstances of the incident and takes measures to eliminate the threat.
It is not known exactly how the malicious code got to the site, but researchers who wished to remain anonymous believe that the attack was carried out using the CosmicSting vulnerability (CVE-2024-34102), which affects the Adobe Commerce (Magento) platform. This vulnerability allows attackers to inject code into CMS blocks that process the checkout process.
Cisco stores in the United States, Europe, as well as the Asia-Pacific region, including Japan and China, were unavailable at the time of writing. The malicious code was distributed from a domain registered just two days before the problem became known to the public. This suggests that the attack took place during the past weekend (August 31 – September 1).
Experts found that hidden JavaScript collects all the information entered by users at the purchase stage, including credit card details, postal addresses, phone numbers, email addresses, and user credentials.
Researchers believe that CosmicSting poses a serious threat because the vulnerability allows the reading of proprietary information through an attack on external XML entities. The main goal of the attackers was to inject malicious code into the HTML or JavaScript blocks displayed at order completion.
Although the Cisco Store is primarily used by the company's employees to buy souvenirs and gifts, the embedded code could also compromise their accounts. However, according to a Cisco spokesperson, no data of the company's employees was lost.
Cisco has notified a limited number of users whose data may have been affected. At the moment, the site remains inaccessible, and the company continues to find out the circumstances of the incident and takes measures to eliminate the threat.
