- Security researchers have seen a bug in Samsung MagicINFO 9 Server abused in the wild
- It is being used to deploy malware
- The bug was fixed in August 2024, so users should patch now
Cybercriminals are abusing a vulnerability in Samsung MagicINFO 9 Server that was patched almost a year ago.
Cybersecurity researchers SSD-Disclosure published an in-depth analysis and a proof-of-concept (PoC) of the threat against the company's digital signage content management system (CMS).
It is used to manage, schedule, and monitor multimedia content across Samsung smart displays, and is a popular solution in industries such as retail and transportation.
PoC and abuse
In August 2024, Samsung announced a fix for a remote code execution vulnerability. It described it as an “improper limitation of a pathname to a restricted directory vulnerability allowing attackers to write arbitrary files as system authority”. It was tracked as CVE-2024-7399, and was given a severity score of 8.8/10 (high).
BleepingComputer described it as an ability to upload malware through a file upload functionality intended for updating display content. Samsung addressed it in version 21.1050.
Despite the bug being fixed almost a year ago, threat actors are still finding unpatched endpoints to target. SSD-Disclosure said attackers are uploading malicious .jsp files via an unauthenticated POST request.
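The weakness described above is a missing pathname check on a content upload: the server never confirmed that the destination stayed inside the content directory or that the file type was display media rather than server-side code. The following is an added illustration of the two checks a defender would expect such an upload handler to perform; it is not Samsung's code, and the content root, allow-list and function name are assumptions for the example.

```python
import posixpath
from pathlib import PurePosixPath
from typing import Optional

# Assumed content root: every uploaded display asset must land inside it.
CONTENT_ROOT = "/srv/magicinfo/content"

# Extensions a display-content upload should never accept; .jsp is the one the
# reported attacks used to obtain server-side code execution.
BLOCKED_EXTENSIONS = {".jsp", ".jspx", ".war", ".jar", ".class", ".sh", ".bat", ".exe"}

# Constructed allow-list of media types a signage CMS would plausibly serve.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".mov", ".pdf"}


def resolve_upload_target(client_filename: str, root: str = CONTENT_ROOT) -> Optional[str]:
    """Return the absolute destination for an upload, or None if the
    client-supplied name would escape `root` or carries a disallowed extension.

    Covers the two gaps behind a CWE-22 style upload bug: no containment check
    on the resulting pathname, and no restriction on which file types get written.
    """
    # Treat backslashes like forward slashes so "..\\" tricks are normalised too.
    candidate = client_filename.replace("\\", "/")
    # A NUL byte can truncate the name in a lower layer; never accept one.
    if "\x00" in candidate:
        return None
    # Join under root, collapse ".." segments, then check containment.
    root_norm = posixpath.normpath(root)
    joined = posixpath.normpath(posixpath.join(root_norm, candidate.lstrip("/")))
    if not joined.startswith(root_norm + "/"):
        return None  # escaped the root, or no filename component at all
    # Inspect every suffix of the final component so "banner.jpg.jsp" is caught.
    suffixes = [s.lower() for s in PurePosixPath(joined).suffixes]
    if not suffixes or any(s in BLOCKED_EXTENSIONS for s in suffixes):
        return None
    if suffixes[-1] not in ALLOWED_EXTENSIONS:
        return None
    return joined
```

Subdirectories under the content root are still permitted, so legitimate scheduled-content layouts keep working while traversal sequences and server-side script types are rejected.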
In addition, security firm Arctic Wolf noted how, several days after the PoC was released, it observed the flaw being leveraged in attacks.
"Given the low barrier to exploitation and the availability of a public PoC, threat actors are likely to continue targeting this vulnerability," the researchers said.
We don’t know how successful these attacks are, who the threat actors are, or how many organizations fell victim. We also don’t know if the threat actors are focusing on any specific industry, or if they are simply casting a wide net.
In any case, organizations using Samsung MagicINFO 9 Server are advised to apply the latest patch, or at least bring their software to version 21.1050 to mitigate the risks.
Via BleepingComputer