Friday, February 26, 2021
NikolaNews

Online stores for governments and multinationals hacked via new security flaw

January 17, 2019

Since at least October 2018, multiple hacking groups have been abusing a previously unknown security flaw in a database management tool to take over online stores and insert malicious code that steals payment card details from checkout forms.

The attacks have been spotted by Dutch security researcher Willem de Groot, who says that several high-profile stores for governments and multinational companies have been hacked this way and injected with card skimmers.

In a report shared with ZDNet earlier today, de Groot says he initially spotted this trick being used by multiple groups engaged in Magecart-like attacks last year.

However, it took the researcher a few months to understand what was happening on the hacked sites, and how attackers were breaking into companies’ seemingly secure online stores.

According to de Groot, at fault is a tiny little web app named Adminer, a tool that lets web developers and site owners manage a database via a graphical user interface (GUI), inside their browser.

Website owners install Adminer on their servers to simplify database management, or the tool is secretly included with various plugins for Magento and WordPress, two popular online store solutions.

The app can be password-protected, but many admins fail to set a password. It also lets admins connect to any remote MySQL database, not just the one hosted on the server where Adminer is installed.

De Groot says he identified what appears to be a new vulnerability in this app, which crooks have been abusing since last October.

Hackers exploit this vulnerability by identifying unprotected adminer.php files that are left open to remote connections, and later using them to connect to their own MySQL servers.

While connected to their own databases, but via a victim’s Adminer tool, hackers can trick the app into retrieving any file from the victim’s server.

De Groot says hackers have been using this trick to download database configuration files for online stores. These files contain the username and password for the stores’ underlying databases, which hackers then use to inject the skimmer code that steals card details, and possibly other backdoors.

“Because different Magecart factions use it, I suspect that the modified MySQL server is for sale on the dark web,” the researcher said, referring to the possibility that some of these sites are also being offered for sale to multiple cybercriminal gangs.

De Groot says that all Adminer versions from 4.3.1 to 4.6.2 are vulnerable. The last two Adminer releases, 4.6.3 and 4.7.0, are safe.

“It is unclear whether the security flaw was fixed deliberately or by accident, as Adminer does not mention a security release,” the researcher said.

De Groot now warns website owners to protect their Adminer instances. He says that through the various honeypots and the customer sites that he manages, he has recently seen a spike in scans for Adminer-specific files, which are most likely attempts from hacker groups to find more victims.
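
One way to act on that warning, as an added example (not code from the article or from de Groot's report): a Python audit that walks a web root, finds files with "adminer" in their name and compares the version in each file header against the 4.3.1 to 4.6.2 range reported above. It assumes the file carries an `@version X.Y.Z` header comment and keeps "adminer" in its name; the sample tree and the function names are constructed for the demonstration.

```python
import os
import re
import tempfile
# Range reported on this page: Adminer 4.3.1 through 4.6.2 are vulnerable.
VULN_MIN, VULN_MAX = (4, 3, 1), (4, 6, 2)
# Assumption: the file carries "@version X.Y.Z" in its header comment.
VERSION_RE = re.compile(rb"@version\s+(\d+)\.(\d+)\.(\d+)")
# Assumption: copies keep "adminer" in the file name; renamed ones are missed.
NAME_RE = re.compile(r"adminer.*\.php$", re.IGNORECASE)

def read_version(path, head_bytes=4096):
    """Return (major, minor, patch) from the file header, or None."""
    with open(path, "rb") as fh:
        match = VERSION_RE.search(fh.read(head_bytes))
    return tuple(int(g) for g in match.groups()) if match else None

def classify(version):
    if version is None:
        return "unknown version"
    in_range = VULN_MIN <= version <= VULN_MAX
    return "vulnerable" if in_range else "outside reported range"

def audit_webroot(root):
    """Return sorted (relative path, version, verdict) for each match."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if NAME_RE.search(name):
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                version = read_version(path)
                findings.append((rel, version, classify(version)))
    return sorted(findings, key=lambda f: f[0])

def demo():
    """Build a constructed sample tree (not real Adminer code) and audit it."""
    samples = {"adminer.php": "4.6.2", "shop/adminer-4.7.0.php": "4.7.0",
               "tools/Adminer.php": None, "index.php": "4.6.2"}
    with tempfile.TemporaryDirectory() as root:
        for rel, ver in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            tag = f"* @version {ver}\n" if ver else ""
            with open(path, "w") as fh:
                fh.write(f"<?php\n/** constructed sample\n{tag}*/\n")
        return audit_webroot(root)

if __name__ == "__main__":
    print("\n".join("\t".join(map(str, f)) for f in demo()))
```

The "outside reported range" verdict covers 4.6.3 and 4.7.0, which the article reports as safe, as well as older releases the article does not address; any copy found still needs a password and restricted access.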
