E-commerce websites infected through a Google utility, poor OAuth implementation leads to hacks, and more.
Welcome to Cyber Security Today. It’s Friday, December 10th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
 |
 |
 |
Hundreds of e-commerce websites have been infected with Google Tag Manager containers, leaving them open to the theft of payment card information of customers. This comes from researchers at Gemini Advisory, who say the threat actors behind this scheme have already posted data on the dark web of at least 88,000 stolen credit and debit cards. Google Tag Manager — or GTM for short — is used by website developers to update user measurement codes. However, because JavaScript can be embedded in GTM containers they can be used by a hacker to skim off customer data like payment card numbers. Malicious payloads hidden in a GTM container may not be seen by security software. Web developers have to ensure GTM containers haven’t been tampered with.
Hardware, software and web developers still aren’t being careful enough with their applications. More evidence of that emerged this week when the U.S. National Institute of Standards and Technology released a graph detailing the number of vulnerabilities reported over the past 20 years. So far this year over 18,000 vulnerabilities have been found, the same if not slightly more than last year. However, the number of high-risk vulnerabilities is lower than last year. Experts contacted by the ZDNet news service noted that it’s easier to find medium and low impact vulnerabilities than high impact ones.
More on vulnerabilities: Hackers are taking advantage of vulnerabilities in the implementation of an authentication protocol in products from Microsoft and other companies. They are using a protocol called OAuth 2.0. But according to researchers at Proofpoint, mistakes in the way the protocol is used are allowing victims to be redirected to malicious websites. The result could be the delivery of malicious email or theft of passwords. The report is a lesson to software developers to be more careful when they build applications.
Lots of developers offer free utilities on the internet. But you have to be careful where you download them from. Some of these apps can be tampered with. The latest example is the free Notepad++ text editor for Windows software developers. According to researchers a hacking group dubbed StrongPity has made an infected version that installs malware. This is the same group that created infected versions of the WinRAR file compression tool. The infected Notepad++ app captures whatever the victim types on a computer. It can also steal data. If you want download a free application do it from the developer’s site and not a third party app store, or by clicking on a link to the supposed app you get in email or a text.
Finally, here’s some security updates you should know about:
SonicWall is urging network managers with the SMA 100-series secure mobile access appliances to patch them as soon as possible. Critical and medium severity vulnerabilities have been discovered. And owners of TP-Link Wi-Fi routers should update the firmware of the devices. According to researchers at Fortinet, a vulnerability could allow a botnet to infect the device. The TL-WR840N V5 model is particularly at risk. TP-Link issued an update on November 12th.
That’s it for now. But remember later today the Week in Review will be out, with a discussion on a Ransomware Playbook issued by the Canadian Centre for Cyber Security. Links to details about today’s podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon
