Samsung MagicINFO 9 Servers Targeted by Botnet, Update Not Available

By Netvora Tech News


Servers running Samsung's MagicINFO 9 content management system, used to manage digital signage displays in buildings and stores, are being targeted by a botnet. The vulnerability being exploited, identified as CVE-2024-7399, was initially patched in August of last year, but a recent report suggests that attackers have been actively exploiting the flaw.

Targeted by Mirai-based Botnet

Servers running MagicINFO 9 have been targeted by a Mirai-based botnet, which has been using the vulnerability to upload JSP files and execute arbitrary code. This allows attackers to maintain access to the server and launch further attacks, even after the vulnerability has been patched.

Security Experts Warn of Active Exploitation

Security firms Huntress and Arctic Wolf have both reported active exploitation of the CVE-2024-7399 vulnerability. Huntress notes that the flaw is being used to upload webshells, which enable attackers to maintain access to the server and carry out further attacks.

Organizations Urged to Take Action

Organizations using MagicINFO 9 are advised to take immediate action to protect their systems. This includes ensuring that their MagicINFO 9 servers are not accessible from the internet until a working update is installed. Samsung has not yet released an update to patch the vulnerability.

Timeline of Events

  • In August last year, Samsung released a patch for the CVE-2024-7399 vulnerability.
  • In January, security firm SSD Secure Disclosure reported the vulnerability to Samsung.
  • On April 30, SSD Secure Disclosure made the details of the vulnerability public.
  • On May 5, Arctic Wolf reported that attackers were actively exploiting the vulnerability.

Unclear When Update Will Be Available

It is unclear when Samsung will release an update to patch the vulnerability. Until then, organizations using MagicINFO 9 are advised to take necessary precautions to protect their systems.
