CosmicSting – what you should know
A security vulnerability in Adobe Commerce (formerly known as Magento), called CosmicSting (CVE-2024-34102), has recently been exploited to compromise 1200 websites.
The attack took place on Monday, October 21, and is suspected to be connected to several earlier incidents dating back to June this year. The attack writes malware into the compromised pages, which then display a fake maintenance page (see image below).
The affected and at-risk versions are:
- 2.4.4-p8 and earlier
- 2.4.5-p7 and earlier
- 2.4.6-p5 and earlier
- 2.4.7 and earlier
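To check an installation against the versions listed above, this added Python helper (not from the notice or from Adobe) parses a version string, including the "Magento CLI 2.4.6-p4" line printed by `bin/magento --version` (that output format is an assumption here), and reports whether it falls inside the affected range:

```python
import re
from typing import Optional, Tuple

# Upper bound of the affected range per release line, taken from the notice.
# The value is the highest affected patch level ("-pN"); 0 means the release
# without any patch suffix.
AFFECTED_UP_TO = {
    (2, 4, 4): 8,   # 2.4.4-p8 and earlier
    (2, 4, 5): 7,   # 2.4.5-p7 and earlier
    (2, 4, 6): 5,   # 2.4.6-p5 and earlier
    (2, 4, 7): 0,   # 2.4.7 and earlier (2.4.7-p1 is outside the listed range)
}
OLDEST_LISTED = min(AFFECTED_UP_TO)

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?")


def parse_version(text: str) -> Optional[Tuple[Tuple[int, int, int], int]]:
    """Extract (release, patch_level) from a bare version such as '2.4.6-p4'
    or from a 'Magento CLI 2.4.6-p4' line (assumed output of `bin/magento --version`)."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    release = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    patch = int(m.group(4)) if m.group(4) else 0
    return release, patch


def is_affected(text: str) -> Optional[bool]:
    """True if the version is inside the affected range, False if it is newer
    than the listed range, None if no version could be parsed."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    release, patch = parsed
    if release in AFFECTED_UP_TO:
        return patch <= AFFECTED_UP_TO[release]
    # Release lines older than 2.4.4 are "earlier" than every listed bound and
    # therefore affected; anything newer than the 2.4.7 line is past the range.
    return release < OLDEST_LISTED


if __name__ == "__main__":
    # Constructed sample inputs, not real installations.
    for sample in ["Magento CLI 2.4.6-p4", "2.4.7", "2.4.7-p1", "2.4.3-p3", "2.4.8"]:
        print(f"{sample:>22}: {'AFFECTED' if is_affected(sample) else 'not in listed range'}")
```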
How to fix the vulnerability
If you have an Adobe Commerce/Magento installation with us, we encourage you to take one of the following actions:
1. If your installation is inactive and/or you are no longer using it, delete the installation; that removes the vulnerability.
2. If your installation is active, update to the latest version as soon as possible. This will stop attackers from accessing your encryption key. (Updating your installation/website is the “simple” way of closing security holes, and this advice applies in other cases as well.)
3. If you took step 2, generate a new encryption key and invalidate the old one, in case it has already been stolen.
If you want to read more about the breach, you can do so on “The Hacker News” or get an overview of the timeline here.