In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code, Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution, Computer virus alters cancer scan images, A Serious Apache server bug gives root to baddies in shared host environments, Cybercrime Groups Are Still Rampant on Facebook, 90% of OT organizations are cyberattack victims, Tenable Discloses Verizon Fios Router Vulnerabilities, and Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print!
- In-Depth Analysis of JS Sniffers Uncovers New Families of Credit Card-Skimming Code – Security firm Group-IB today published a report, which it shared with The Hacker News prior to its release, detailing nearly 38 different JS-Sniffer families that its researchers documented after analyzing 2440 infected e-commerce websites. All these JS-Sniffer families have been categorized into two parts. The first one is the universal code that can be integrated into any website, for example, G-Analytics and WebRank families of JS-sniffers.magecart js sniffers Whereas, the second type of JS-Sniffers—which includes PreMage, MagentoName, FakeCDN, Qoogle, GetBilling, and PostEval families—have primarily been designed to work with specific Content Management Systems such as Magento, WooCommerce, WordPress, Shopify, and OpenCart.
- Nvidia Fixes 8 High-Severity Flaws Allowing DoS, Code Execution – Nvidia has released fixes for eight high-severity vulnerabilities in its Linux for Tegra driver packages. The worst of these flaws could allow information disclosure, denial of service and code execution on impacted systems. Overall, the chipmaker on Tuesday released patches for 13 flaws that impact the Nvidia Jetson TX1 and TX2, two low-power embedded computing boards which carry a Nvidia Tegra processor and are specifically designed for accelerating machine learning in systems. The Jetson TX1 and TX2 are used in robots, drones, smart cameras and portable medical devices. None of the impacted Nvidia chips patched are used in gaming systems or PCs.
- Computer virus alters cancer scan images – The researchers, from Ben Gurion University’s cyber-security centre, said the malware could also remove actual malignant growths from image files to prevent patients who are targets getting the care they need. The images targeted were scans of lungs but the malware could be tuned to produce other fake conditions such as brain tumours, blood clots, fractures or spinal problems, according to the Washington Post, which first reported on the research. Images and scans were vulnerable, said the researchers, because the files were generally not digitally signed or encrypted. This means any changes would be hard to spot.
- Serious Apache server bug gives root to baddies in shared host environments – CVE-2019-0211, as the vulnerability is indexed, is a local privilege escalation, meaning it allows a person or software that already has limited access to the Web server to elevate privileges to root. From there, the attacker could do just about anything. The vulnerability makes it possible for unprivileged scripts to overwrite sensitive parts of a server’s memory, Charles Fol, the independent researcher who discovered the bug, wrote in a blog post. A malicious script could exploit the vulnerability to gain root.
- A Year Later, Cybercrime Groups Still Rampant on Facebook Krebs on Security – Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis led to the takedown of 74 cybercrime groups operating openly on Facebook with more than 385,000 members.
- 90% of OT organizations are cyberattack victims, yet visibility into OT systems is still limited – Help Net Security – Insufficient visibility into the attack surface: 80% of respondents cited lack of visibility into the attack surface , knowing what systems are part of their IT environments, as the number one issue in their inability to prevent business-impacting cyberattacks. Inadequate staffing and manual processes limit vulnerability management: Lack of personnel and a reliance on manual processes were cited by 61% and 55% of respondents respectively as major obstacles in their ability to assess and remediate vulnerabilities.C-Suite buy-in is key: 70% of respondents view increasing communication with executives and board members as one of their governance priorities for 2019.
- Tenable Discloses Verizon Fios Router Vulnerabilities – Chris Lyne explained that the authenticated command injection attack (CVE-2019-3914) is possible in a LAN environment and when Remote Administration is enabled, the attack becomes possible remotely. He noted that there are two viable attack scenarios for this vulnerability. The first of which is an insider / house guest that connects to Wi-Fi and figures out the router’s public IP address. From there, they can log into the router’s admin web interface to enable Remote Administration. After the house guest leaves, he or she can exploit CVE-2019-3914 remotely, from across the internet, to gain remote root shell access to the router’s underlying operating system. The other scenario outlined by Lyne is an attacker masquerading as a Verizon tech support employee. In this situation, the attacker calls an unsuspecting Verizon customer and pretends there is an issue with their service. The attacker then asks the customer for his/her administrator password to log into the router’s admin web interface and to enable Remote Administration. At this point, the attacker could ask for the public IP address which is conveniently displayed after logging in. The attacker can then gain remote root shell access to the router’s underlying OS.
- Samsung Galaxy S10 Fingerprint Sensor Duped With 3D Print – The Samsung user posted on Imgur this weekend under the alias, “darkshark” saying he was able to fool the Galaxy S10’s fingerprint using a simple technique – in only 13 minutes. He first took a picture of his own fingerprint, then transferred that picture to Adobe Photoshop and created a 3D print. From there, he used the 3D print to physically sign on to his phone.
Expert Commentary: Neil Butchart, Ekran
Topic: Is the industry broken?
- Security Vendor’s perspective
- Security Stakeholder’s perspective
To learn more about Ekran, visit: https://securityweekly.com/ekran
Visit http://hacknaked.tv to get all the latest episodes!
Paul Asadorian – CEO, Security Weekly.