With this release we’d like to announce that this week we’ve expanded the WAF configuration to protect Magento stores from the vulnerabilities in CVE-2024-34102(CosmicSting).
The WAF improvements have been made possible by:
- Gathering data first on the entire Hypernode platform to find out which payloads and URIs were being used for the attacks.
- Discussing the results with our security partner Sansec (thanks again guys!)
- Creating an NGINX Lua patch to block requests where we’ve detected malicious payloads on specific URLs