Cyware Daily Threat Intelligence September 5, 2018

Top Malware Reported in the Last 24 Hours

MagnetoCore malware
Security researchers have discovered a massive hacking campaign targeting several e-commerce websites using Magneto. The hackers are using a payment skimming malware named MagnetoCore that is capable of stealing payment card details of users. The malware has infected around 7339 e-commerce sites in the last six months. 

3D printers under threat
Security researchers have found that internet-connected 3D printers can be easily tampered to gain access to sensitive files. These printers are generally controlled by an open-source software package called OctoPrint. Researchers discovered that many 3D printers do not have properly configured OctoPrint, thus allowing hackers to control and monitor these 3D printers. Experts believe that such attacks on 3D printers can be prevented by segmenting the network.

New LokiBot campaign
A new LokiBot campaign has been discovered by security researchers at Kaspersky Lab. The campaign is being carried out to steal passwords from browsers, mail and FTP clients. The malware is delivered via spam emails that appear to be as notifications from other companies or as offers.  

Top Vulnerabilities Reported in The Last 24 Hours

Opsview software flaw
Five serious vulnerabilities were found in the Opsview monitor products that ranged from version 5.2 through 5.4. The flaws here are dubbed as CVE-2018-16148, CVE-2018-16147, CVE-2018-16146, CVE-2018-16144, and CVE-2018-16145. These flaws can allow hackers to gain access to the management console. As a result, they can easily execute malicious code on the OS. 

Google releases a new patch
Google has released Chrome version 69.0.3497.81 for Windows, Mac and Linux to address vulnerabilities that could allow attackers to take control of an affected system. The new update also addresses 40 security issues such as Out-of-bounds Write in V8 and Out-of-bounds Read in Blink. 

Python module abused
A researcher has demonstrated an attack method that abuses the 'setup.py' file in Python modules to perform arbitrary code execution when the package is installed. Using this attack method, the attackers will not only be able to insert malicious code inside a package but can also gain access to root privileges.

Top Breaches Reported in The Last 24 Hours

Family Orbit app hacked
A hacker has managed to gain access to over 281 GB of data stored in the databases of Family Orbit app. The data was exposed due to unsecured servers which were protected with a weak password. The firm has confirmed the data breach and was quick at addressing the issue. Family orbit has changed the API key and login credentials of the vulnerable servers. 

IP addresses of Tor sites exposed
Security researchers have found a new way of identifying the public IP addresses of the Tor sites. The researchers have discovered that there are many Tor sites that use SSL certificates and misconfigure a hidden service so that it is accessible via the internet. These SSL certificates can be abused to identify the public IP addresses. Such design is possible only when a firewall is not used and the servers are to configured to listen only on 127.0.0.1.





  • Share this blog:
To enhance your experience on our website, we use cookies to help us understand how you interact with our website. By continuing navigating through Cyware’s website and its products, you are accepting the placement and use of cookies. You can also choose to disable your web browser’s ability to accept cookies and how they are set. For more information, please see our Privacy Policy.