Cisco’s merch store targeted by dangerous malware

Russian hackers linked to Cisco attack

Cisco’s official merch store has been the subject of a cybersecurity attack that may have resulted in compromised customer information, including payment card details.

A report by The Register claims suspected Russia-based attackers injected data-stealing JavaScript into the company’s merch store thanks to a flaw in Adobe’s Magento platform.

Despite the potential severity of the issue, Cisco has confirmed no credentials were compromised during the attack, which it says was remediated swiftly.

Russian hackers target Cisco merch store

“A Cisco-branded merchandise website that’s hosted and administered by a third-party supplier was temporarily taken offline while a security issue was addressed,” the company noted.

The attackers exploited a vulnerability tracked as CVE-2024-34102, which affects Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier. Arbitrary code execution is possible through the vulnerability, which has been awarded a critical 9.8 severity score on the CVSS scale.

Although Adobe has issued a security patch, it’s believed as many as 75% of firms using Adobe’s tool have not applied the fix, including the Cisco merch store.

According to c/side security workers, the script was hosted on a domain associated with an IP address located in Russia. Moreover, the domain was registered just days before the attack, raising suspicions that it could have been a “fly-by-night operation designed for quick exploitation.”

While the attack may have been spotted early enough, it serves as a gentle reminder of the importance of maintaining up-to-date software and security patches in an increasingly digital world where cyberwarfare is becoming an escalating threat.

A Cisco spokesperson added: “Based on our investigation, the issue impacted only a limited number of site users, and those users have been notified.”

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
