Magento Vulnerability Exploited by Threat Actors

Apr 08 2024

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether #WWIII will be a cyber one? And will the revolution be televised? Or live streamed? πŸ™ƒ #DeathtoAmerica is trending 😬😬😬

Β Today’s hottest cybersecurity news stories:

  • πŸ›’ Magneto (now Adobe) bug is being exploited, payment data stolen πŸ’³

  • β›ˆοΈ Winter is coming… Cybersecurity firms raised $2.3B in Q1 of 2024

  • πŸͺ Saudi Arabian financial firms bitten by Solar Spider’s JSOutProx RAT πŸ•·οΈ

Still haven’t updated Magneto? Adobe silly! πŸ‘€πŸ˜‚πŸ˜

🚨 Cybersecurity Alert: Magento Vulnerability Exploited by Threat Actors! πŸ”’

Heads up, online sellers! A critical flaw in Magento has been targeted by cyber attackers, posing a serious threat to e-commerce websites. Β 

The Vulnerability πŸšͺ

Known as CVE-2024-20720 (CVSS score: 9.1), this vulnerability allows attackers to inject a persistent backdoor into Magento sites, potentially leading to arbitrary code execution.

Adobe addressed this issue in security updates released on February 13, 2024.

How It Works πŸ› οΈ

Sansec discovered attackers using a sneaky database layout template to automatically insert malicious code. By combining the Magento layout parser with default packages, they execute system commands. This code injection occurs when specific web pages, like the checkout cart, are accessed.

The Consequences βš–οΈ

The injected code sets up a backdoor for deploying a Stripe payment skimmer, stealing sensitive financial data. 😨

In Other News πŸ“°

The Russian government has charged six individuals for using similar skimmer malware to steal credit card info from foreign e-commerce sites since 2017. This highlights the ongoing threat of cybercrime in the e-commerce world. πŸŒπŸ’³

Stay vigilant and update your Magento platform to stay protected against such threats! πŸ”’βœ…

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

β€œBillions, Jesse. With a B” πŸ₯½πŸ₯ΌπŸ‘¨πŸ§ͺπŸ’Ž

🚨 Cybersecurity Funding Update: Q1 2024 Highlights! πŸ“ˆ

Exciting news from the cybersecurity world! πŸ’» According to Pinpoint Search Group's Cyber Security Vendor Funding Report for Q1 2024, cybersecurity companies collectively raised an impressive $2.3 billion in funding. πŸš€

Key Findings πŸ”‘

  • Pinpoint tracked 77 funding rounds, similar to Q1 2023.

  • Despite the number of rounds remaining constant, the total investment decreased by 20% compared to Q1 2023.

  • March saw a record-breaking $1.4 billion raised across 42 funding rounds, the highest monthly total since February 2023.

Breakdown by Funding Rounds πŸ’Έ

  • Seed rounds led the pack with 32 rounds, followed by Series A (18) and Series B (9).

  • Growth funding amounted to $682 million, with Series E ($410 million), Series A ($375 million), and Series B ($320 million) also significant.

Industry Insight 🏭

Pinpoint noted a positive trend in late-stage rounds (Series C and higher) compared to 2023, indicating potential stability and growth in the cybersecurity sector.

Expert Opinion πŸ€“

Mark Sasson from Pinpoint Search Group highlighted the challenges of 2023 but emphasised positive signs, especially in later funding rounds. Notable investments include Silverfort, Extrahop, Bugcrowd, Coro, Axonius, Nozomi, and Claroty.

Despite fluctuations, the cybersecurity industry remains resilient and poised for continued innovation and development. πŸ›‘οΈπŸ’°

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can't get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)

🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)

🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Saudi Arabia? More like Cyber Arachnia πŸ•·οΈπŸ‘€πŸ’€

🚨 New Threat Alert: JSOutProx Malware Strikes Middle East Organizations! πŸ•Œ

Heads up, cyber defenders! A sophisticated threat group has unleashed an updated version of the JSOutProx JavaScript remote access Trojan (RAT), targeting organisations in the Middle East. 😱

What You Need to Know ⚠️

  • Cybersecurity firm Resecurity uncovered this new wave of attacks, revealing the malware's complex capabilities.

  • The attackers tailor the malware's functions to each victim's environment, making it highly adaptable and dangerous.

Insight from Experts πŸ€“

Gene Yoo, CEO of Resecurity, describes JSOutProx as a multi-stage implant with multiple plug-ins. It infiltrates systems, gathering data and carrying out malicious actions based on the victim's profile.

Identifying the Culprits πŸ•΅οΈ

The cybercriminal group behind JSOutProx, dubbed Solar Spider, is believed to have ties to China. Their targets span across India, the Asia-Pacific, Africa, and the Middle East.

Modus Operandi πŸ› οΈ

JSOutProx poses as innocuous PDF files containing financial documents. Once opened, it executes JavaScript, initiating a two-stage attack process. The malware downloads additional plug-ins from legitimate platforms like GitHub or GitLab to evade detection.

Protecting Against JSOutProx πŸ›‘οΈ

  • Educate employees on handling suspicious emails or files.

  • Β Implement robust defence-in-depth strategies, including patching, network segmentation, and vulnerability management.

Financial institutions, in particular, are at risk of data theft and other malicious activities orchestrated by JSOutProx. Vigilance and proactive security measures are crucial to thwarting these threats. πŸ’ͺπŸ”’

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ›‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday πŸ“…

  • πŸ’΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for πŸ†“

  • πŸ“ˆΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πŸ‘Ύ

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles