Skip to content

Hackers steal payment data from Ray-Ban, Whirlpool and others

  • by
  • 2 min read

Thousands of online stores operated by well-known brands, including Ray-Ban, National Geographic, Whirlpool, and Segway, have been compromised by cybercriminals exploiting a critical vulnerability known as CosmicSting (CVE-2024-34102). This flaw is found in Adobe’s Commerce and Magneto platforms and allows attackers to siphon shoppers’ payment card details during transactions.

Researchers have discovered at least seven cybercriminal groups that have exploited this vulnerability breaching over 4,200 stores — around 5% of all Adobe Commerce and Magneto websites, reports The Register.

The flaw is classified as an XML External Entity (XXE) vulnerability, allowing attackers to manipulate a site’s pages and insert malicious JavaScript. This enables criminals to intercept payment details and other sensitive information, such as login credentials, without users noticing.

By exploiting CosmicSting, hackers gain unauthorised access to eCommerce platforms, tampering with checkout pages and stealing data as customers enter it. These attacks have surged despite Adobe releasing a patch for the vulnerability on June 11, 2024.

Typically, when one group infiltrates a site using Magecart tactics, they lock out other attackers. However, CosmicSting has led to infighting, with different groups repeatedly evicting each other from the same stores.

This is an image of cyber security internet security featured

In their campaigns, cybercriminals use CosmicStings to retrieve secret Magneto keys, which are then used to generate tokens granting them unrestricted access to a store’s Magneto API. This enables attackers to alter any webpage hosted on a vulnerable platform, including checkout pages where sensitive data is entered.

While CosmicSting poses an immediate threat by allowing data theft, attackers can combine it with another flaw, CVE-2024-2961, a high-severity buffer overflow in the ‘glibc’ library on Linux systems. When used together, these flaws allow criminals to execute remote code and install persistent backdoors on the host server, granting them long-term control over compromised systems.

It is still unclear whether the affected brands have fully patched their systems or notified customers.

Researchers have urged retailers using these platforms to apply security patches immediately and monitor their sites for signs of malicious activity.

In the News: Patched CUPS flaw could amplify DDoS attacks by 600x

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

A qantas airline flight taking off

Australian airline Qantas says data theft affected 6 million customers

This is an image of phishing featured storyblocks

Hackers caught weaponising Vercel’s AI tool to create phishing pages

This is an image of meta fb oculus workspace whatsapp messenger instagram

Meta plans to enforce SEBI verification for investment ads in India

This is an image of cyber security hacked breach

Esse Health is notifying over 263,000 patients of a data breach

This is an image of cctv surveillance camera 2

Canada bans Hikvision; company ordered to halt operations

Photo: trismegist san / shutterstock. Com

Mexican drug cartel hired cybercriminals to identify and kill informant

>