Industry News  Continuous Xurum Attacks Targeting E-commerce Websites through Severe Magento 2 Vulnerability
Industry News

Continuous Xurum Attacks Targeting E-commerce Websites through Severe Magento 2 Vulnerability

Mister CybersecurityMister CybersecurityAugust 14, 20230
PinterestLinkedInTumblrRedditVKWhatsApp
More stories

As an original author, I would like to discuss the importance of time management in our daily lives. Time is a precious resource that we all have in limited supply, so it is crucial to make the most of it. Effective time management not only helps us accomplish tasks efficiently but also allows us to prioritize our goals and achieve a better work-life balance.

One key aspect of time management is setting clear goals and priorities. By identifying what needs to be done and when, we can allocate our time and resources accordingly. This helps us stay focused and avoid wasting time on unimportant tasks. Creating a to-do list or using a planner can be helpful tools in organizing our priorities and ensuring that we stay on track.

Another important component of time management is learning to say no. It can be easy to become overwhelmed with commitments and obligations, but it is essential to set boundaries and prioritize our own well-being. Saying no to tasks that do not align with our goals or values can help us avoid burnout and maintain a healthy work-life balance.

Procrastination is a common obstacle to effective time management. It is easy to put off tasks that we find challenging or unpleasant, but doing so only prolongs our stress and anxiety. By breaking tasks into smaller, manageable steps and setting deadlines for ourselves, we can overcome procrastination and boost our productivity.

In conclusion, time management is a valuable skill that can help us achieve our goals and lead a more fulfilling life. By setting clear goals, learning to say no, and overcoming procrastination, we can make the most of our time and create a sense of balance and harmony in our daily lives. It is never too late to start practicing good time management habits and reap the benefits of a more organized and efficient lifestyle.

March 7, 2025



Since January 2023, there was an ongoing marketing campaign focusing on e-commerce websites that use Adobe’s Magento 2 software program. This marketing campaign, referred to as Xurum, exploits a crucial safety flaw in Adobe Commerce and Magento Open Source that has now been patched. If efficiently exploited, this flaw might result in arbitrary code execution. The attackers behind Xurum, believed to be of Russian origin, are primarily fascinated with payment stats from the orders made prior to now 10 days.

In addition to exploiting the safety flaw, the attackers have additionally contaminated some web sites with JavaScript-based skimmers. These skimmers gather bank card data and ship it to a distant server. The full extent of the marketing campaign is presently unknown.

The assault chain utilized by the attackers includes weaponizing CVE-2022-24086 for preliminary entry after which utilizing it to execute malicious PHP code. This code gathers details about the host and deploys an internet shell named wso-ng, disguised as a Google Shopping Ads part. The internet shell solely prompts when the attacker sends the cookie “magemojo000” within the HTTP request. Once activated, it accesses and exfiltrates details about the gross sales order payment strategies from the previous 10 days. The assaults conclude with the creation of a rogue admin consumer with the names “mageworx” or “mageplaza,” that are in style Magento 2 extension shops.

The internet shell wso-ng is an evolution of the WSO internet shell and features a hidden login web page to steal credentials. It additionally integrates with authentic instruments like VirusTotal and SecurityTrails to assemble details about the contaminated machine’s IP fame and different domains hosted on the identical server.

The attackers behind Xurum reveal a meticulous and focused method, specializing in particular Magento 2 cases reasonably than launching indiscriminate assaults. They present a excessive stage of experience in Magento and make investments appreciable time in understanding its internals and establishing their assault infrastructure.



Source hyperlink

PinterestLinkedInTumblrRedditVKWhatsApp

Mister Cybersecurity

Advanced Cyber Attacks Used by Charming Kitten to Target Iranian Dissidents
Telegram and Discord: A New Remote Access Trojan Makes Its Presence Known
Related posts
Load more
Leave a Reply

Your email address will not be published. Required fields are marked *

Read also
Load more