Cyware Daily Threat Intelligence September 5, 2018

Security researchers have discovered a massive hacking campaign targeting several e-commerce websites using Magneto. The hackers are using a payment skimming malware named MagnetoCore that is capable of stealing payment card details of users. The malware has infected around 7339 e-commerce sites in the last six months. 

Security researchers have found that internet-connected 3D printers can be easily tampered to gain access to sensitive files. These printers are generally controlled by an open-source software package called OctoPrint. Researchers discovered that many 3D printers do not have properly configured OctoPrint, thus allowing hackers to control and monitor these 3D printers. Experts believe that such attacks on 3D printers can be prevented by segmenting the network.

A new LokiBot campaign has been discovered by security researchers at Kaspersky Lab. The campaign is being carried out to steal passwords from browsers, mail and FTP clients. The malware is delivered via spam emails that appear to be as notifications from other companies or as offers.  

Five serious vulnerabilities were found in the Opsview monitor products that ranged from version 5.2 through 5.4. The flaws here are dubbed as CVE-2018-16148, CVE-2018-16147, CVE-2018-16146, CVE-2018-16144, and CVE-2018-16145. These flaws can allow hackers to gain access to the management console. As a result, they can easily execute malicious code on the OS. 

Google has released Chrome version 69.0.3497.81 for Windows, Mac and Linux to address vulnerabilities that could allow attackers to take control of an affected system. The new update also addresses 40 security issues such as Out-of-bounds Write in V8 and Out-of-bounds Read in Blink. 

A researcher has demonstrated an attack method that abuses the 'setup.py' file in Python modules to perform arbitrary code execution when the package is installed. Using this attack method, the attackers will not only be able to insert malicious code inside a package but can also gain access to root privileges.

A hacker has managed to gain access to over 281 GB of data stored in the databases of Family Orbit app. The data was exposed due to unsecured servers which were protected with a weak password. The firm has confirmed the data breach and was quick at addressing the issue. Family orbit has changed the API key and login credentials of the vulnerable servers. 

Security researchers have found a new way of identifying the public IP addresses of the Tor sites. The researchers have discovered that there are many Tor sites that use SSL certificates and misconfigure a hidden service so that it is accessible via the internet. These SSL certificates can be abused to identify the public IP addresses. Such design is possible only when a firewall is not used and the servers are to configured to listen only on 127.0.0.1.