• Top Samsung software hit by attackers to spread malware and hijac

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 07, 2025 11:30:07
    Top Samsung software hit by attackers to spread malware and hijack devices

    Date:
    Wed, 07 May 2025 10:28:00 +0000

    Description:
    Samsung MagicINFO 9 Server bug is being abused in the wild, with users
    advised to patch immediately.

    FULL STORY
    ======================================================================
    Security researchers have seen a bug in Samsung MagicINFO 9 Server abused in the wild. It is being used to deploy malware. The bug was fixed in August 2024, so users should patch now.

    Cybercriminals are abusing a vulnerability in Samsung MagicINFO 9 Server that was patched almost a year ago.

    Cybersecurity researchers SSD-Disclosure published an in-depth analysis and a proof-of-concept (PoC) of the threat against the company's digital signage content management system (CMS).

    The CMS is used to manage, schedule, and monitor multimedia content across Samsung smart displays, and is a popular solution in industries such as retail or transportation.

    PoC and abuse

    In August 2024, Samsung announced that it had fixed a remote code execution vulnerability. It described the flaw as an improper limitation of a pathname to a restricted directory vulnerability allowing attackers to write arbitrary files as system authority. It was tracked as CVE-2024-7399, and was given a severity score of 8.8/10 (high).

    BleepingComputer described it as an ability to upload malware through a file upload functionality intended for updating display content. Samsung addressed it in version 21.1050.

    Despite the bug being fixed almost a year ago, threat actors are finding unpatched endpoints to target. SSD-Disclosure said attackers are uploading malicious .jsp files via an unauthenticated POST request.

    In addition, security firm Arctic Wolf noted how, several days after the PoC was released, it observed the flaw being leveraged in attacks.

    "Given the low barrier to exploitation and the availability of a public PoC, threat actors are likely to continue targeting this vulnerability," the researchers said.

    We don't know how successful these attacks are, who the threat actors are, or how many organizations fell victim. We also don't know if the threat actors are focusing on any specific industry, or if they are simply casting a wide net.

    In any case, organizations using Samsung MagicINFO 9 Server are advised to apply the latest patch, or at least bring their software to version 21.1050
    to mitigate the risks.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/top-samsung-software-hit-by-attackers-to-spread-malware-and-hijack-devices


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)