Mon Sep 09 15:02:00 UTC 2024: ## Russian Hackers Target Cisco Merch Store in Data-Stealing Attack

**San Francisco, CA** – Cisco’s official merchandise store has been targeted in a cyberattack suspected to be carried out by Russia-based hackers. The attack, which exploited a vulnerability in Adobe’s Magento platform, may have resulted in compromised customer information including payment card details.

According to The Register, the attackers injected data-stealing JavaScript into the store’s website, utilizing a flaw tracked as CVE-2024-34102. This vulnerability, which has been assigned a critical severity score, allows for arbitrary code execution. While Adobe has released a security patch, it is believed that up to 75% of businesses using the platform have yet to apply it, including Cisco’s merch store.

Cisco confirmed that the attack was swiftly addressed and no credentials were compromised. However, they acknowledged that a limited number of users were affected and have been notified.

Security experts noted that the script responsible for the attack was hosted on a domain associated with an IP address located in Russia, and registered just days before the attack. This has led to suspicions of a “fly-by-night operation designed for quick exploitation.”

The attack serves as a stark reminder of the importance of maintaining up-to-date software and security patches in an increasingly digital world. Cyberwarfare is becoming an escalating threat, and businesses need to be vigilant in protecting their systems and customer data.

Read More