
Hackers use Magento bug to steal payment data from E-commerce websites


Threat actors have been observed exploiting a critical vulnerability in Magento to inject a persistent backdoor into e-commerce websites. The attacks leverage CVE-2024-20720, which carries a CVSS score of 9.1 and which Adobe categorizes as a case of “improper neutralization of special elements” that could lead to arbitrary code execution. Adobe addressed the vulnerability in security updates released on February 13, 2024.

Sansec, a cybersecurity company, reports that it has uncovered a sophisticated technique in which a “cleverly crafted layout template in the database” is used to automatically inject malicious code that can execute arbitrary commands. The attackers combine the Magento layout parser with the beberlei/assert package, which comes pre-installed, to execute system commands. This combination lets them embed a backdoor for code execution, which leads to the deployment of a Stripe payment skimmer that captures financial data and exfiltrates it to another compromised Magento store.
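The following added example (not from Sansec, Adobe or the original article) shows one way a store operator could triage stored layout XML for the pattern described above. It assumes rows are exported as (id, xml) pairs from the table that holds layout updates (`layout_update` in a stock Magento 2 schema, to be verified on your install); the heuristics, reason labels and sample rows are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristics (assumptions of this example, tune before relying on them):
ASSERT_NS = re.compile(r"(?<![\w\\])\\?Assert\\\w", re.I)  # beberlei/assert namespace
EXEC_FN = re.compile(r"(?<![\w/.:-])(?:system|exec|shell_exec|passthru|proc_open|popen)(?![\w/.:-])", re.I)
DTD = re.compile(r"<!(?:DOCTYPE|ENTITY)", re.I)

def _strings(fragment):
    """Yield attribute values and text nodes; fall back to the raw row."""
    if DTD.search(fragment):   # do not hand DTDs/entities to the parser
        yield fragment
        return
    try:
        # Stored layout XML is a fragment, so wrap it in a synthetic root.
        root = ET.fromstring("<root>" + fragment + "</root>")
    except ET.ParseError:
        yield fragment         # malformed rows are still inspected as text
        return
    for el in root.iter():
        yield from el.attrib.values()
        for text in (el.text, el.tail):
            if text:
                yield text

def scan_layout_rows(rows):
    """Map row id -> sorted reasons for rows that need manual review."""
    findings = {}
    for row_id, fragment in rows:
        reasons = {"dtd-or-entity"} if DTD.search(fragment) else set()
        for s in _strings(fragment):
            if ASSERT_NS.search(s):
                reasons.add("assert-namespace")
            if EXEC_FN.search(s):
                reasons.add("exec-function-name")
        if reasons:
            findings[row_id] = sorted(reasons)
    return findings

# Constructed sample rows (id, xml); none is taken from a real incident.
SAMPLE_ROWS = [
    (1, r'<referenceBlock name="header.links" remove="true"/>'),
    (2, r'<block class="Assert\Placeholder" name="t"/>'),
    (3, r'<block class="Assert\Placeholder" name="t"'),          # malformed
    (4, r'<!DOCTYPE a [<!ENTITY e "x">]><a/>'),
    (5, r'<block name="c" template="Magento_Backend::system/cache.phtml"/>'),
    (6, r'<argument name="n">proc_open</argument>'),
]

if __name__ == "__main__":
    for row_id, reasons in scan_layout_rows(SAMPLE_ROWS).items():
        print(row_id, ", ".join(reasons))
```

A hit means the row deserves manual review, not that the store is compromised; a clean result does not replace applying Adobe's security updates.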

This activity does not exist in isolation: the Russian government has taken action against a group of individuals charged with using skimmer malware to steal credit card and payment data from international e-commerce platforms since at least late 2017. The suspects indicted in this case include Denis Priymachenko, Alexander Aseyev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev. According to Recorded Future News, court documents indicate that the arrests were carried out about a year ago.

The official statement from the Prosecutor General’s Office of the Russian Federation revealed, “As a result, members of the hacker group illegally took possession of information about almost 160 thousand payment cards of foreign citizens, after which they sold them through shadow internet sites.” This underscores the severity of the cyber threat landscape and the need for stringent cybersecurity measures to safeguard sensitive consumer information.

It is imperative for e-commerce businesses to remain vigilant and implement robust security protocols to mitigate the risks posed by such malicious activities. The exploitation of vulnerabilities like CVE-2024-20720 underscores the importance of timely security updates and patches to prevent unauthorized access and data breaches. As cyber threats continue to evolve, organizations must stay ahead of the curve by investing in cybersecurity solutions and fostering a culture of cyber resilience.

The incident serves as a stark reminder of the ever-present dangers in the digital realm and the critical need for proactive cybersecurity measures to safeguard sensitive data and protect against malicious actors. By staying informed and adopting a proactive approach to cybersecurity, businesses can fortify their defenses against emerging threats and secure their online presence effectively.
