CosmicSting: Adobe Commerce/Magento under attack (CVE-2024-34102)

As many as 5% of stores using Adobe Commerce/Magento may have been affected in the attack. Here is information explaining how to protect your site.

Information about CosmicSting: attack on Magento/Adobe Commerce

CosmicSting – what you should know

Attackers exploiting a vulnerability known as CosmicSting (CVE-2024-34102) have recently compromised around 1,200 websites running Adobe Commerce (formerly Magento). The flaw is an XML external entity (XXE) bug in the platform's REST API request handling: an unauthenticated attacker can make the server read local files, including app/etc/env.php, which holds the store's encryption key.

The latest wave occurred on Monday, October 21. It appears to be a continuation of a series of attacks exploiting the same flaw since June, when Adobe published the fix. Attackers inject malicious code into compromised stores, which then display a fake maintenance page (see image below).

The affected versions (the fix shipped in the next patch release of each line: 2.4.4-p9, 2.4.5-p8, 2.4.6-p6 and 2.4.7-p1) are:

  • 2.4.4-p8 and earlier
  • 2.4.5-p7 and earlier
  • 2.4.6-p5 and earlier
  • 2.4.7 and earlier
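To check an installation against the list above, the following script (an added example, not code from the original article, from Adobe or from Sansec) parses a Magento/Adobe Commerce version string such as `2.4.6-p5`, or the output of `php bin/magento --version`, and reports whether it falls within the vulnerable range. The cut-off patch levels are taken directly from the list above; treating releases older than 2.4.4 as vulnerable is an assumption based on "2.4.4-p8 and earlier", and the sample inputs at the bottom are constructed.

```python
import re
import sys

# Highest patch level still vulnerable, per release line, from the advisory:
# "2.4.4-p8 and earlier", "2.4.5-p7 and earlier", "2.4.6-p5 and earlier",
# "2.4.7 and earlier" (a bare 2.4.7 is patch level 0; 2.4.7-p1 is fixed).
LAST_VULNERABLE = {
    (2, 4, 4): 8,
    (2, 4, 5): 7,
    (2, 4, 6): 5,
    (2, 4, 7): 0,
}

# Matches "2.4.6-p5" or "2.4.7" anywhere in a string, so the raw output of
# "php bin/magento --version" ("Magento CLI 2.4.6-p5") can be passed in as-is.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?")


def parse_version(text: str):
    """Return ((major, minor, release), patch_level) from a version string.

    A release with no "-pN" suffix is patch level 0.
    """
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Magento version found in {text!r}")
    major, minor, release, patch = m.groups()
    return (int(major), int(minor), int(release)), int(patch or 0)


def is_vulnerable(text: str) -> bool:
    """True if the version is within the CVE-2024-34102 affected range."""
    line, patch = parse_version(text)
    if line in LAST_VULNERABLE:
        return patch <= LAST_VULNERABLE[line]
    # Assumption: anything older than 2.4.4 is covered by "2.4.4-p8 and earlier"
    # and never received a fix; anything newer than 2.4.7 shipped patched.
    return line < (2, 4, 4)


def triage(versions):
    """Map each version string to 'VULNERABLE' or 'patched' for a report."""
    return {v: ("VULNERABLE" if is_vulnerable(v) else "patched") for v in versions}


if __name__ == "__main__":
    # Constructed sample inputs; pass real "bin/magento --version" output instead.
    samples = sys.argv[1:] or ["Magento CLI 2.4.6-p5", "2.4.7", "2.4.7-p1", "2.4.4-p9"]
    for version, status in triage(samples).items():
        print(f"{version:>24}: {status}")
```

Run it with the version string from your own store as the argument; the fixed releases named in the list above (2.4.4-p9, 2.4.5-p8, 2.4.6-p6, 2.4.7-p1) should all report as patched.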
[Image: example of the attack, the fake maintenance page shown by a compromised store. Image from Sansec.]

How to fix the vulnerability

If you have an Adobe Commerce/Magento installation with us, we encourage you to take one of the following actions:

  1. If your installation is inactive and/or you are no longer using it, delete it. An unused store that is still reachable from the internet is just as exploitable as an active one.
  2. If your installation is active, update to the latest patched version as soon as possible. The patched releases close the file-read hole that exposes your encryption key. (Keeping your installation/website up to date is the simplest way to close security holes in general, not only this one.)
  3. After updating (step 2), generate a new encryption key and invalidate the old one, in case it has already been stolen. The key lives in app/etc/env.php and is used to sign API tokens, so an attacker who already holds it can keep minting admin tokens even on a patched store until the old key is retired.

If you want to read more about the breach, you can do so on “The Hacker News” or get an overview of the timeline here.