Cisco’s official merch store has been the subject of a cybersecurity attack that may have resulted in compromised customer information, including payment card details.
A report by The Register claims suspected Russia-based attackers injected data-stealing JavaScript into the company’s merch store thanks to a flaw in Adobe‘s Magento platform.
Despite the potential severity of the issue, Cisco has confirmed no credentials were compromised during the attack, which it says was remediated swiftly.
Russian hackers target Cisco merch store
“A Cisco-branded merchandise website that’s hosted and administered by a third-party supplier was temporarily taken offline while a security issue was addressed,” the company noted.
The attackers exploited a vulnerability tracked as CVE-2024-34102, which affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. Arbitrary code execution is possible through the vulnerability, which has been awarded a critical 9.8 severity score on the CVSS scale.
Although Adobe has issued a security patch, it’s believed as many as 75% of firms using Adobe’s tool have not applied the fix, including the Cisco merch store.
According to c/side security workers, the script was hosted on a domain associated with an IP address located in Russia. Moreover, the domain was registered just days before the attack, raising suspicions that it could have been a “fly-by-night operation designed for quick exploitation.”
While the attack may have been spotted early enough, it serves as a gentle reminder of the importance of maintaining up-to-date software and security patches in an increasingly digital world where cyberwarfare is becoming an escalating threat.
A Cisco spokesperson added: “Based on our investigation, the issue impacted only a limited number of site users, and those users have been notified.”
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/xXaZ3Lb4ZEejUv9ipwK3ha-1200-80.jpg
Source link
