Threat Actors Exploit Vulnerability in Samsung MagicInfo System
Administrators of Samsung MagicInfo 9 Server are advised to isolate their systems from the internet following the discovery of exploit attempts targeting a recently updated version. Samsung MagicInfo serves as a central management hub for the company’s digital signage displays, widely used in public venues such as airports and corporate environments.
There is ongoing confusion over whether the current attacks exploit CVE-2024-7399, a vulnerability that was disclosed and patched the previous year, or a new zero-day vulnerability identified in January by a researcher collaborating with SSD Disclosure. The zero-day vulnerability permits “an unauthenticated user to upload a web shell and execute remote code within the Apache Tomcat process,” according to Huntress.
The vulnerabilities reportedly impact MagicInfo 9 Server version 21.1050.0, the latest release from Samsung. However, these issues appear to closely resemble CVE-2024-7399, which was registered by Samsung as a duplicate upon submission and subsequently left unaddressed.
On April 30, SSD Disclosure released proof-of-concept exploit details in line with its 90-day disclosure policy. Shortly after, Arctic Wolf detected what it claimed were exploitation attempts of CVE-2024-7399, focusing on affected systems running versions prior to 21.1050.
Media reports quickly spread the narrative that systems running version 21.1050 were secure. However, Huntress has observed exploitation attempts in the wild, noting that some affected systems had already applied the latest available patch. This strongly suggests that version 21.1050.0 remains vulnerable, as SSD Disclosure has also indicated.
It is clear that both version 21.1050.0 of MagicInfo 9 Server and its predecessor, 21.1040.2, remain vulnerable, with no patch yet available to close these security gaps. Huntress asserts that the patch issued in August 2024 was either incomplete or pertained to an entirely different but closely related vulnerability.
Huntress has reached out to Samsung regarding these findings but has not yet received a response. In the meantime, the recommendation for administrators of MagicInfo 9 Server is to ensure that their installations are not directly accessible from the internet until a proper patch is released.