New Chrome zero-days, SAP patches vulnerabilities and over 2800 e-Shops hit by credit card hackers

Saptharishi

It has been a busy week in the world of cyber-security, with multiple platforms and companies updating their software and patching vulnerabilities.

Highlights:

  • Google has patched two new zero-day bugs which were actively exploited in recent weeks
  • The November 2020 security update of SAP fixed many critical vulnerabilities
  • Cardbleed Attack – Demystified.

Update all your things


Google has released the 86.0.4240.198 patch for Chrome for Windows, Mac, and Linux.

Google has patched, with a quick turnaround, two new zero-day bugs which were actively exploited in recent weeks. The vulnerabilities are tracked as CVE-2020-16013 and CVE-2020-16017, and both were reported to Google by “anonymous” sources, unlike previous cases that were discovered by the company’s elite Project Zero security team.

A zero-day vulnerability is a security flaw in software that is unknown to the software manufacturer and for which no patch exists, so cybercriminals can exploit it before a fix is available. According to the release notes, CVE-2020-16013, published on November 9, is an inappropriate implementation in the V8 JavaScript engine, and CVE-2020-16017, reported on November 7, is a use-after-free memory corruption problem in Chrome’s site isolation feature.

SAP patching open-ended vulnerabilities

The November 2020 security update of SAP fixed many critical vulnerabilities affecting SolMan, Data Services, ABAP, S4 / HANA, and NetWeaver products. The company has published a total of 19 new security notes since the previous patch day. Six of the 19 have been marked critical; four new notes have been added and two previously published notes have been revised.

Two vulnerabilities in SAP Data Services have been resolved by another “hot news” patch. They affect Apache Struts and were discovered last year. Exploiting them would lead to remote code execution and a denial-of-service (DoS) condition, respectively.

Types and numbers of patches over the last months

Three of the latest patches fix high-severity vulnerabilities: an information disclosure issue together with DoS and SSRF bugs in SAP Commerce Cloud, and server-side request forgery (SSRF) and reflected cross-site scripting (XSS) problems in SAP Fiori Launchpad. Medium-severity bugs in NetWeaver, Bank Analyzer, S/4 HANA Financial Goods, SAP Process Integration, E-Bilanz ERP Client, and Visual Business Viewer have also been resolved.

Credit card Hacks

Cardbleed attack was traced back to a single group

According to the research reports, the surge of cyber attacks earlier this year against retailers operating the Magento 1.x e-commerce platform has been attributed to a single party.

The campaign, named Cardbleed, hit at least 2,806 online storefronts running Magento 1.x, a platform that had already reached end-of-life as of June 30, 2020. RiskIQ said in its analysis that this group has carried out a large number of different Magecart attacks, either through the supply chain, as in the Adverline incident, or through the use of exploits, as in the September Magento 1 compromises, and frequently compromises large numbers of websites at once. The analysis was published earlier this week.

Magecart using the ant and cockroach function

Stealing credit card data by injecting e-skimmers into shopping websites is the standard Magecart technique, and numerous hacker groups targeting online shopping cart systems have been using it heavily of late.

However, Magecart operators have stepped up their efforts to conceal card stealer code in recent months. They have been hiding code inside image metadata containers and even conducting IDN homograph attacks to plant web skimmers hidden inside a website’s favicon file. Cardbleed, first reported by Sansec, works by communicating with the Magento admin panel from unique domains and then using the ‘Magento Connect’ function to download and install a piece of malware called ‘mysql.php’, which is automatically deleted after the skimmer code has been added to “prototype.js.”

What is even more interesting is that the skimmer used in the compromises is a variant of the Ant and Cockroach skimmer first observed in August 2019, so named after a function labeled “ant_cockcroach()” and a variable “ant_check” found in the code. The researchers added that the attackers have shuffled their infrastructure since the Cardbleed campaign was publicized.
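As an added example (not code from the article, RiskIQ or Sansec), the following script shows how a store operator could detect the kind of tampering described above: it records a known-good baseline of static JavaScript files, then reports files whose hash drifted (skimmer code appended to prototype.js), files that appeared unexpectedly (the ‘mysql.php’ dropper), files that vanished (the dropper deletes itself), and any file matching the ‘ant_cockcroach’ / ‘ant_check’ names from the report. The file contents, paths and the regular expressions are constructed for illustration; only the indicator names come from the page.

```python
"""Added example: baseline-hash and indicator scan for a Magento-style
static asset tree. Everything below is constructed for illustration;
the indicator names (ant_cockcroach, ant_check, mysql.php) are the only
details taken from the Cardbleed report summarised in the article."""
from __future__ import annotations

import hashlib
import re

# Indicators named in the article. The regexes are our own assumption of
# how to match them; a real deployment would keep these in a signature file.
INDICATORS = [
    ("ant_cockroach_function", re.compile(r"\bant_cockcroach\s*\(")),
    ("ant_check_variable", re.compile(r"\bant_check\b")),
    ("mysql_php_dropper", re.compile(r"mysql\.php")),
]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record the SHA-256 of every static file at a known-good moment
    (e.g. right after a clean deployment)."""
    return {path: sha256(content) for path, content in files.items()}


def scan(files: dict[str, bytes], baseline: dict[str, str]) -> list[dict]:
    """Return one finding per file that is new, drifted from baseline, or
    matches a known indicator; baseline files that vanished are reported too."""
    findings = []
    for path, content in files.items():
        reasons = []
        if path not in baseline:
            reasons.append("unexpected_file")
        elif baseline[path] != sha256(content):
            reasons.append("hash_mismatch")
        # Match indicators against both the path and the decoded content,
        # so a dropper is caught by its file name even if its body is empty.
        haystack = path + "\n" + content.decode("utf-8", errors="replace")
        for name, pattern in INDICATORS:
            if pattern.search(haystack):
                reasons.append(name)
        if reasons:
            findings.append({"path": path, "reasons": reasons})
    for path in baseline:
        if path not in files:
            findings.append({"path": path, "reasons": ["missing_file"]})
    return findings


# Constructed known-good snapshot (not real Magento files).
CLEAN_FILES = {
    "js/prototype/prototype.js": b"var Prototype = { Version: '1.7' };\n",
    "js/varien/form.js": b"function VarienForm(){}\n",
}

# Constructed post-compromise snapshot: a placeholder function carrying the
# reported names is appended to prototype.js and a dropper file is present.
# These are name-only stand-ins, not skimmer logic.
COMPROMISED_FILES = {
    "js/prototype/prototype.js": CLEAN_FILES["js/prototype/prototype.js"]
    + b"function ant_cockcroach(){ var ant_check = 1; }\n",
    "js/varien/form.js": CLEAN_FILES["js/varien/form.js"],
    "mysql.php": b"<?php /* constructed dropper placeholder */\n",
}


def demo() -> list[dict]:
    """Scan the constructed compromised tree against the clean baseline."""
    return scan(COMPROMISED_FILES, build_baseline(CLEAN_FILES))


if __name__ == "__main__":
    for finding in demo():
        print(finding["path"], "->", ", ".join(finding["reasons"]))
```

In practice the baseline would be generated from the deployment artefact rather than from the live server, and the scan scheduled frequently enough to notice a dropper that removes itself within minutes; the hash check catches modifications regardless of how the skimmer is obfuscated, while the name indicators only catch this particular family.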