VERT Cybersecurity News for the Week of June 6, 2022


All of us at Tripwire’s Vulnerability Research and Exposure Team (VERT) are constantly looking for interesting stories and developments in the world of information security. Here is the cybersecurity news that caught our attention the most during the week of June 6, 2022. I have also included some comments on these stories.

Another Nation-State Actor Exploits Microsoft Follina to Attack European and US Entities

A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks targeting government entities in Europe and the US, reports Security Affairs. The issue affects multiple versions of Microsoft Office, including Office, Office 2016, and Office 2021.

Darlene Hibbs | Security Researcher at Tripwire

Linux botnets now exploit critical Atlassian Confluence bug

Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installations. Bleeping Computer notes that successful exploitation of this flaw (tracked as CVE-2021-26084) allows unauthenticated attackers to create new administrator accounts, execute commands, and ultimately take control of Internet-exposed servers remotely and backdoor them.

ANDRES SWOBODA | Senior Security Researcher at Tripwire

CVE-2021-26084 has been actively exploited in the wild since the proof of concept's release. This vulnerability allows attackers to remotely execute code on a vulnerable system. The vulnerability has been seen in the Kinsing, Hezb, and Dark IoT botnets.

CVE-2022-26134 is another vulnerability that allows attackers to execute arbitrary code on systems. This vulnerability had a proof of concept released and is known to be actively exploited. Since then, Atlassian has released fixed versions and a workaround for systems that cannot be upgraded.

Contaminated CCleaner Pro Cracker spreads via Black SEO campaign

Threat actors spread information-stealing malware via the search results of a pirated copy of Windows optimization program CCleaner Pro, Security Affairs noted on June 9. Avast researchers discovered the malware campaign, tracked as FakeCrack.

ANDRES SWOBODA | Senior Security Researcher at Tripwire

Pirated copies of CCleaner Pro have been used to steal information from users. Cracked versions of the product infected systems with malware that collected sensitive information. This malware sets up a proxy and then sends data to malicious users. To resolve the proxy, you can delete the AutoConfigURL registry key in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
Pirated software is known to spread malicious content. Users should protect themselves by using legitimate copies of software.
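
The registry cleanup mentioned above can be scripted. The following PowerShell is an added example, not part of the original roundup or of any Tripwire tooling: it reports the current user's AutoConfigURL value under the Internet Settings key and deletes it only when asked. The -Remove switch is a name chosen for this example, and because the setting lives under HKCU the script has to run in the affected user's session.

```powershell
# Added example: audit, and optionally remove, the per-user proxy
# auto-configuration setting named in the comment above.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical switch for this example: delete only when explicitly requested.
    [switch]$Remove
)

$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$name = 'AutoConfigURL'

# Read every value under the key; a missing AutoConfigURL simply yields $null.
$settings = Get-ItemProperty -Path $path -ErrorAction Stop
$pac = $settings.$name

if ([string]::IsNullOrEmpty($pac)) {
    Write-Output "No $name value is set for $env:USERNAME."
    return
}

# Print the configured URL first so it can be recorded before anything is changed.
Write-Output "$name for $env:USERNAME is: $pac"

# -WhatIf and -Confirm are honoured through ShouldProcess.
if ($Remove -and $PSCmdlet.ShouldProcess("$path\$name", 'Remove registry value')) {
    Remove-ItemProperty -Path $path -Name $name -ErrorAction Stop
    Write-Output "$name removed."
}
```

Run without -Remove, the script only reports. Some organizations set AutoConfigURL legitimately, so compare the reported URL against the known corporate PAC address before deleting it.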
