Hackers Target Adobe – Magento Websites
Dark Web Links to Zero-day Hack
The Magento platform is under attack by dark web hackers. The new revelation links hackers to a zero-day bug that has recently been appearing on several websites. Adobe warned that its IT engineers recently fixed a zero-day bug affecting its Magento platform.
The Adobe alert promptly made users aware of the critical update. In its alert, Adobe states that exploiting the zero-day bug allows attackers to execute malicious code. The exploited bug was disclosed in an advisory titled "Magento Zero-Day Bug Actively Exploited In The Wild".
According to the update, Adobe’s Magento was hit by a critical security bug. Magento, the popular eCommerce platform, is renowned for powering countless online stores. Given the open-source platform’s massive usage, any breach by dark web hackers would reach millions of Internet users, and a hacking attack would devastate online stores across the globe.
The advisory elaborated on the critical code execution flaw. Analysts warned it could affect all websites built on the Magento Open Source platform.
Dark Web Hackers Attack Magento Stores
As reported by Adobe IT engineers, there is currently an active exploitation campaign in which the zero-day bug is wreaking havoc on numerous eCommerce stores on the Magento platform. The tech giant even admitted active exploitation of the bug targeting certain popular online stores. Furthermore, Adobe stated that its team of cyber security analysts is aware that CVE-2022-24086 has been exploited in the wild, in just a few attacks against merchants on the Adobe Commerce platform.
The CVE-2022-24086 zero-day vulnerability is caused by improper input validation. The critical bug can be exploited without administrative privileges. With improper input validation and no authentication required, the flaw carries a CVSS score of 9.8.
As reported by Adobe, the zero-day vulnerability affected its Commerce versions 2.4.3-p1 and 2.3.7, as well as numerous previous versions. It also affected Magento versions 2.4.3-p1 and 2.3.7-p2, covering all its popular platforms.
However, according to Adobe, its Commerce 2.3.3 platform was quickly updated with patches that addressed the glitch. In addition, patches were applied to Adobe Commerce MDVA-43395_EE_2.4.3-p1_v1 and Magento Open Source MDVA-43395_EE_2.4.3-p1_v1.
Dark Web Hackers Hunt Victims
Reportedly, dark web criminals have been on the hunt for vulnerable websites on the Magento platform to hack. Therefore, Adobe advised all users on the Magento Open Source platform to quickly apply the new patch to prevent the infiltration of dark web hackers.
Sansec cyber security analysts issued a critical warning to websites built on the Magento platform: website administrators should expect large-scale scanning by dark web hackers looking for vulnerable victims.
The Adobe Commerce update, called an “emergency fix”, was released by the tech giant as Patch Tuesday. The new patch works with various Adobe Magento products such as Adobe Photoshop, After Effects, Illustrator, Creative Cloud Desktop, and Adobe Premiere Rush.