August 2, Help Net Security – (International) 36,000 SAP systems exposed online, most open to attacks. ERPScan released a comprehensive SAP Cybersecurity Threat Report which revealed the average number of security patches for SAP products per year has decreased, while the amount of vulnerable platforms has increased and now includes modern cloud and mobile technologies such as HANA. The report also found that SAP’s Customer Relationship Management (CRM), Enterprise Portal (EP), and Supplier Relationship Management (SRM) products are most vulnerable to flaws, and that the U.S. is one of the three countries with the most exposed services, among other findings. Source
August 2, Softpedia – (International) Google SEO trick leads users to online scam, CryptMIC ransomware. Researchers from Malwarebytes discovered an active campaign where malicious actors were abusing Google search featured snippets to show links to compromised Websites and redirect users to online stores selling product keys for Microsoft Office or hosting the Neutrino exploit kits (EK), which would in turn infect the user’s device with the CryptMIC ransomware. Researchers found the attackers could also actively search for third-party Websites listed in featured snippets that run vulnerable content management systems (CMSs), and hack the sites to deliver the ransomware. Source
August 2, SecurityWeek – (International) Google patches tens of critical vulnerabilities in Android. Google released security patches for the Android operating system (OS) resolving 81 vulnerabilities including 3 remote code execution (RCE) flaws, 4 Elevation of Privilege (EoP) bugs, and 4 denial-of-service (DoS) flaws in Mediaserver, a DoS issue in system clock, and an RCE flaw in libjhead, among other vulnerabilities. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report
August 3, Dark Reading - Researchers Show How To Steal Payment Card Data From PIN Pads. Attack works even against chip-enabled EMV smartcards. BLACK HAT USA—Las Vegas—The manner in which many PIN pads used by consumers to pay for purchases and communicate with point-of-sale systems make it very easy for attackers to steal payment card data, researchers warned here this week. Using a Raspberry Pi with specialized software and a laptop running a POS simulator, researchers Nir Valtman and Patrick Watson of NCR Corp showed how an attacker could intercept communications between a card reader and a POS system and extract sensitive cardholder data from it. Source