How did hackers take control of Ferrari's website?


Ethical hacker and bug bounty hunter Sam Curry reported that Ferrari’s subdomain forms.ferrari.com was hosting a fake NFT (Non-Fungible Token) scam. On closer inspection, the compromise traced back to an exploit against the Adobe Experience Manager (AEM) installation behind Ferrari's official website.

What website vulnerability was exploited by hackers?

The attackers exploited a flaw in the Adobe Experience Manager on Ferrari's official website to hijack the subdomain and host the NFT scam content. The bug in Adobe Experience Manager (AEM) was found by two members of Detectify’s ethical hacking community. Left unpatched, the weakness lets attackers bypass authentication and reach the CRX Package Manager, which leaves the application open to remote code execution (RCE) attacks.

How could the hack have been prevented?

There are some general steps that help prevent attacks like this. Keeping software up to date and applying security patches promptly is a good first step. Most critically, continuously monitor the website for every exposed subdomain and endpoint, so that no host is left unwatched. It is also important to regularly monitor the website for suspicious activity and to have an incident response plan in place before an incident occurs.
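One concrete form of the "monitor every subdomain and endpoint" advice above is a recurring audit that checks whether any host in your inventory serves an AEM admin console (the CRX Package Manager named above, CRXDE Lite, or the OSGi web console) to an anonymous request. The script below is an added example, not code from this article, Detectify or Adobe; the hostnames in the test are constructed, the three paths are the standard AEM console locations, and the page-title markers used to recognise a rendered console are assumptions you should adjust for your own AEM version.

```python
"""Audit an inventory of hosts for AEM admin consoles reachable without login."""
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Standard AEM admin console locations; none should answer an anonymous request
# on an internet-facing host. /crx/packmgr is the CRX Package Manager.
ADMIN_PATHS = ["/crx/packmgr/index.jsp", "/crx/de/index.jsp", "/system/console/bundles"]

# Page-title fragments a rendered console contains (assumed; verify per version).
CONSOLE_MARKERS = ("CRX Package Manager", "CRXDE", "Web Console")

# A fetcher performs one unauthenticated GET and returns (status, content-type, body).
Fetcher = Callable[[str], Tuple[int, str, str]]


def urllib_fetch(url: str) -> Tuple[int, str, str]:
    """Default fetcher; status 0 means the host could not be reached."""
    req = urllib.request.Request(url, headers={"User-Agent": "aem-exposure-audit"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read(4096).decode("utf-8", "replace")
            return resp.status, resp.headers.get("Content-Type", ""), body
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), ""
    except (urllib.error.URLError, OSError):
        return 0, "", ""


def classify(status: int, content_type: str, body: str) -> str:
    """'exposed' only when the console itself rendered for an anonymous client.
    A 401/403, a redirect to the login page, or a 200 that is merely the sign-in
    form all count as 'no_anonymous_access'."""
    if status == 0:
        return "unreachable"
    if status == 200 and "text/html" in content_type and any(m in body for m in CONSOLE_MARKERS):
        return "exposed"
    return "no_anonymous_access"


def audit(hosts: List[str], fetch: Fetcher = urllib_fetch) -> Dict[str, List[str]]:
    """Return {host: [exposed console paths]}; an empty dict means nothing to alert on."""
    findings: Dict[str, List[str]] = {}
    for host in hosts:
        exposed = [p for p in ADMIN_PATHS if classify(*fetch(f"https://{host}{p}")) == "exposed"]
        if exposed:
            findings[host] = exposed
    return findings


if __name__ == "__main__":
    import sys
    for host, paths in audit(sys.argv[1:]).items():
        print(f"{host}: admin console reachable anonymously at {', '.join(paths)}")
```

Run it from a scheduled job against your full subdomain inventory and route any non-empty result to the same alerting channel as your other exposure findings.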
