Breaking News

••• All important news about new attacks, and the solutions we can offer you •••

25/11/2020

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

Read the original article here
Software Security

“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers’ experiences,” according to its website. Unomi can be used to integrate personalization and profile management within very different systems such as CMSs, CRMs, issue trackers, native mobile applications, etc. Unomi was announced as a Top-Level Apache project in 2019 and is built with high scalability and ease of integration in mind.

Because Unomi holds an abundance of data and integrates tightly with other systems, it is a highly desirable target for attackers, so the Checkmarx Security Research Team analyzed the platform to uncover potential security issues.


What Checkmarx Found:

Apache Unomi allowed remote attackers to send malicious requests containing MVEL and OGNL expressions that could reference arbitrary classes, resulting in Remote Code Execution (RCE) with the privileges of the Unomi application. MVEL and OGNL expressions are evaluated by different classes in different internal packages of the Unomi codebase, making them two separate vulnerabilities. The severity of these vulnerabilities is heightened because they can be exploited through a public endpoint, one that must remain public by design for the application to function correctly, with no authentication and no prior knowledge on the attacker’s part.

Both vulnerabilities, designated CVE-2020-13942, have a CVSS score of 10.0 (Critical), as they lead to complete compromise of the Unomi service’s confidentiality, integrity, and availability, in addition to granting access to the underlying OS.

Click here to find out more about Checkmarx and how it can help you make sure your product is safe!

23/11/2020

How Retailers Can Avoid Black Friday Cyber Threats

Read the original article here
Cyber Defense


In November 2019, Macy's confirmed the presence of credit card-skimming Magecart malware on its checkout and wallet pages just as Black Friday and the holiday shopping season approached. Macy's indicated that the malware allowed a third party to capture customers' data on the pages if they input their credit card information and clicked "place order."


This potentially enabled cybercriminals to access names, addresses, phone numbers, and email addresses along with the users' credit card numbers, security codes, and expiration dates. A Macy's cybersecurity team removed the code by Oct. 15 and announced the incident a few weeks later.

With Black Friday on Nov. 27 this year, retailers are jockeying to gain a competitive edge in what could be the biggest online shopping spree ever. E-commerce holiday sales are expected to generate between $182 billion and $196 billion this season — a year-over-year increase of 25% to 35%, according to Deloitte's annual forecast. Overall holiday spending, on the other hand, will top out at $1.15 trillion with a relatively flat increase of 1.5%.

The trend mirrors the e-commerce sales boom that occurred throughout 2020, with the pandemic expected to fuel a $794.5 billion market in 2020, according to eMarketer. This represents a 32.4% year-over-year growth rate — nearly double the 18% predicted in eMarketer's second-quarter forecast. Brick-and-mortar sales will decline by 3.2%, to $4.71 trillion. Given the stakes in the roughly one-month peak holiday shopping season, retailers are racing to optimize their websites for mobile devices and third-party affiliate partners to maximize every opportunity possible.

However, as Macy's discovered, these opportunities elevate risks for shoppers and businesses. Through formjacking and Magecart attacks, cyber thieves inject malicious JavaScript code into e-commerce websites to skim data and steal customer information. Formjacking refers to hijacking a web form (typically the payment page) and accounts for 87% of breaches. Magecart hackers target shopping carts associated with the Magento open source e-commerce platform. Overall, there have been an average of 425 Magecart incidents per month in 2020. In many cases, adversaries deploy social engineering tactics such as sending shoppers a bogus promotion for a site; when shoppers respond to the fake offer, they enter their personal data on a page that is really a skimming scam.

The fact that there are multiple third-party vendors that support online sales further exposes retailers to possible threats. Cybercriminals often target third parties because they're the weak links of the supply chain. On average, e-commerce sites use 40 to 60 third-party tools and intend to add three to five new third-party technologies each year, amplifying the risks.

So, what should e-commerce businesses do to thwart these attacks and ensure their customers have a "holly, jolly" holiday? We recommend three steps.

Understand Your Risk
It's safe to say that the bad guys are planning for Black Friday as much as retailers are. In fact, they may already have compromised their intended targets and are now simply waiting for the big shopping day to arrive.

After all, they've demonstrated over time that they're very good at "hiding" inside systems until they're ready to strike. Nearly two-thirds of security professionals indicate that they're seeing no less than 100 days of dwell time — the time it takes to detect attackers once they infect a network. Therefore, it's critical to conduct internal due diligence to inventory both your internal risk and third-party risk: What do you know exists, and what protections do you have in place as a result? Are you confident in your solutions? Are you doing enough to defend customer data before it becomes a problem?

Implement Zero Trust
It's essential to enforce zero-trust solutions that restrict third parties to solely the information that the website has authorized them to access, while blocking access to consumers' private and payment information, aka "least privilege." By using virtual webpages, the solutions create an exact replication of the original webpage but exclude what the third party isn't authorized to see. If the third-party input is allowed, the virtual page will transfer it to the original webpage. By isolating third-party scripts from the original website, unauthorized changes to JavaScript won't cause any harm.

View Your Webpages as Customers See Them
Too many businesses only see their website as it appears on the server side, instead of viewing it from the customer browser perspective. The browser page is what customers "see" when they shop, and these pages are subject to compromises. Therefore, you need to assess what you're doing to protect your pages once they leave the web server.

Starting on Nov. 27, retailers large and small will discover whether their e-commerce capabilities are ready for prime time or not. Indeed, the season will serve as a litmus test of their digital transformation success.

This is why companies cannot afford to consider cybersecurity as an afterthought — they must think of data defense as an indispensable component of their business strategies. By committing to a comprehensive risk assessment, enforcing zero trust of third parties, and protecting browser-side pages, they'll rise above the competition this holiday season and reap the rewards of superior brand reputation and customer loyalty for the many months that follow.

See how Reflectiz can help you start monitoring within an hour!

23/11/2020

TA551 (Shathak) Word docs with Japanese template push IcedID

Read the original article here
Cyber Defense

Not a new threat, but very dangerous

The TA551 (Shathak) campaign has continued to push IcedID (Bokbot) malware since August 2020. The template for its Word documents has been updated, but otherwise not much has changed. This campaign mainly targets English-speaking victims; however, it has also targeted non-English speakers with other types of malware.


Available Attack Vectors:

  • E-mail
  • Endpoint
  • Web Gateway

Contact us for a test with Cymulate Breach and Attack Simulation

23/11/2020

Reported activity: MedusaLocker Ransomware

Cyber Defense

The MedusaLocker ransomware first emerged in September 2019, infecting and encrypting Windows machines around the world.
There have been reports of MedusaLocker attacks across multiple industries, especially the healthcare industry which suffered a great deal of ransomware attacks during the COVID-19 pandemic.

To maximize the chances of successfully encrypting the files on the compromised machine, MedusaLocker restarts the machine in safe mode before execution.
This technique is used to evade security tools that may not run when the computer starts in safe mode.

Contact us for a test with Cymulate Breach and Attack Simulation

30/10/2020

'Act of War' Clause Could Nix Cyber Insurance Payouts

Read the original article here
Cyber Defense

The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."


Last week, insurers' arguments gained more weight when the US indicted six members of the Russian military for a variety of cyber operations, including the NotPetya wiper attack that disrupted business operations worldwide. Damages from those attacks are at the heart of major lawsuits against insurance companies, including a $1.3 billion legal action brought by pharmaceutical giant Merck against a collection of insurers and a $100 million lawsuit brought by food and beverage conglomerate Mondelez against Zurich Insurance.

In both cases, insurers claim the NotPetya attack represented a hostile act by a sovereign power, preventing any payout.


Don't bet on just one horse: see how C2C purple team solutions can help you secure your organisation.

22/10/2020

British Airways fined £20m for Magecart hack that exposed 400k folks' credit card details to crooks

Read the original article here
Cyber Defense

British Airways is to pay a £20m data protection fine after its 2018 Magecart hack – even though the Information Commissioner’s Office discovered the airline had been saving credit card details in plain text since 2015.

The fine, announced this morning by the UK's data watchdog, is almost exactly at the reduced £19.8m level that BA parent company the International Airlines Group had expected back in August.

Read about Reflectiz and how it can protect your organization and your clients against Magecart.

20/10/2020

Wisepay: School payments service hit by cyber-attack

Read the original article here
Cyber Defense

Parents who made payments to UK schools in recent days via the Wisepay service have been warned their card details have been compromised.

Wisepay said a hack of its website meant an attacker was able to harvest payment details between 2 and 5 October via a spoof page.

It's early stages, but it appears that Wisepay may have been victims of a credit card skimming attack sometimes referred to as a Magecart hack.

Attackers didn't break into any databases to steal the information, they took over the live payment page.

Ask us about Reflectiz, the solution that will enable you to detect a Magecart attack.

28/09/2020

Black Friday Cyber risks

Read the original article here
Cyber Defense

The shopping season that begins on Black Friday and rolls over into Cyber Monday is one of the most critical times for online retailers. During this period promotions are offered, new products are launched, and the shopping websites themselves invest all their resources in increasing purchase volume. Unfortunately, as they say, along with the opportunities come the risks.

Read about Reflectiz and how you can prevent this from happening to you.