All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly on the lookout for interesting stories and developments in the infosec world. Here is the cybersecurity news that caught our eye for the week of June 6th, 2022. I’ve also added some comments to these stories.
Another nation-state actor is exploiting Microsoft Follina to target European and US companies
A nation-state actor is reportedly attempting to exploit the Follina flaw in a recent spate of attacks against government agencies in Europe and the US, Security Affairs reports. The issue affects multiple Microsoft Office versions, including Office, Office 2016 and Office 2021.
DARLENE HIBBS | Security Researcher at Tripwire
The recently released 0-Day in Microsoft Support Diagnostic Tool (MSDT), CVE-2022-30190, nicknamed Follina, is being actively exploited by a nation-state actor to target government agencies via malicious Word documents. The 0-Day can be exploited via a Word document and allows remote code execution with minimal user interaction. It is possible to exploit this vulnerability without requiring the user to open the document, bypassing the protection provided by Office’s Protected View feature to restrict code execution. To mitigate the risk of the vulnerability, it is recommended that you delete the MSDT registry keys.
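The registry-based mitigation mentioned above, as an added example that is not part of the original post or Tripwire's own tooling: it applies Microsoft's published workaround for CVE-2022-30190 by backing up and then removing the ms-msdt: URL protocol handler key, and it can restore the handler once the vendor patch is installed. The key name HKEY_CLASSES_ROOT\ms-msdt and the reg.exe export/delete approach come from Microsoft's guidance, not from the article; the backup path is an assumption made for this example.

```powershell
# Added example (not from the original post or from Tripwire). Applies Microsoft's
# published workaround for CVE-2022-30190 (Follina): back up, then remove, the
# ms-msdt: protocol handler so Office documents can no longer launch MSDT through it.
# The key name below is from Microsoft's guidance, not from the article. Run as Administrator.

$MsdtKey = 'HKCR:\ms-msdt'   # PSDrive path for HKEY_CLASSES_ROOT\ms-msdt

# HKCR: is not a default PSDrive; map it so Test-Path/Remove-Item can address the key.
if (-not (Get-PSDrive -Name HKCR -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

function Test-MsdtProtocolEnabled {
    # True while the ms-msdt: handler is still registered, i.e. the host is still
    # exposed to the document-based path described in the article.
    return (Test-Path -Path $MsdtKey)
}

function Disable-MsdtProtocol {
    param(
        # Assumed location for a .reg backup so the handler can be restored after patching.
        [string]$BackupPath = (Join-Path $env:ProgramData 'ms-msdt-backup.reg')
    )
    if (-not (Test-MsdtProtocolEnabled)) {
        Write-Output 'ms-msdt protocol handler already absent; nothing to do.'
        return
    }
    # reg.exe export writes the key and its subkeys; /y overwrites an existing backup file.
    reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "Backup to $BackupPath failed; refusing to delete the key without a backup."
    }
    Remove-Item -Path $MsdtKey -Recurse -Force
    Write-Output "ms-msdt protocol handler removed; backup written to $BackupPath."
}

function Restore-MsdtProtocol {
    param([string]$BackupPath = (Join-Path $env:ProgramData 'ms-msdt-backup.reg'))
    # Re-register the handler from the backup once the vendor patch is installed.
    if (-not (Test-Path -Path $BackupPath)) { throw "No backup found at $BackupPath." }
    reg.exe import $BackupPath | Out-Null
}

# Usage:
# Disable-MsdtProtocol
# Test-MsdtProtocolEnabled
```

Test-MsdtProtocolEnabled is the part worth running fleet-wide before and after rollout: it gives a simple compliance check that the workaround actually landed on each host, independent of whether the deletion command reported success.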
Linux botnets are now exploiting Atlassian’s critical Confluence bug
Several botnets are now using exploits targeting a critical Remote Code Execution (RCE) vulnerability to infect Linux servers running unpatched installations of Atlassian Confluence Server and Data Center. BleepingComputer notes that successful exploitation of this bug (tracked as CVE-2021-26084) allows unauthenticated attackers to create new administrator accounts, run commands, and eventually take over the server remotely.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
CVE-2021-26084 has been actively exploited in the wild since proofs of concept were published. This vulnerability allows attackers to remotely execute code on a vulnerable system. The vulnerability was observed in the Kinsing, Hezb, and Dark IoT botnets.
CVE-2022-26134 is another vulnerability that allows attackers to run arbitrary code on systems. A proof of concept has been released for this vulnerability and it is known to be actively exploited. Atlassian has since released fixed versions and a workaround for systems that cannot be upgraded.
Tainted CCleaner Pro cracker spreads via black SEO campaign
Threat actors are distributing information-stealing malware through search results for pirated copies of the Windows optimizer CCleaner Pro, Security Affairs noted on June 9th. Avast researchers uncovered the malware campaign, tracked as FakeCrack.
ANDREW SWOBODA | Senior Security Researcher at Tripwire
CCleaner Pro pirated software was used to steal information from users. Cracked versions of the product infected systems with malware that stole sensitive information. This malware configures a proxy and then sends data to malicious users. To resolve the proxy, you can remove the AutoConfigURL registry value in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
Pirated software is known to distribute malicious content. Users should protect themselves by using legitimate copies of software.
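The AutoConfigURL cleanup described in the comment above, as an added example that is not part of the original post or Tripwire's own tooling. The registry path and value name are the ones the comment gives; the evidence-log location is an assumption for this example. It records the proxy script URL before removing it, because that URL is the indicator worth keeping for the incident record and for checking other hosts.

```powershell
# Added example (not from the original post or from Tripwire). Inspects and removes the
# AutoConfigURL proxy setting that the article says the FakeCrack malware plants under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. Path and value name
# are from the article; the evidence log path is an assumption for this example.

$InetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-AutoConfigUrl {
    # Returns the configured automatic proxy script URL, or $null when none is set.
    $item = Get-ItemProperty -Path $InetKey -Name 'AutoConfigURL' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.AutoConfigURL
}

function Remove-MaliciousAutoConfigUrl {
    param(
        # Assumed path where the observed URL is written before removal so the
        # indicator survives the cleanup.
        [string]$EvidenceLog = (Join-Path $env:ProgramData 'autoconfigurl-removal.log')
    )
    $url = Get-AutoConfigUrl
    if (-not $url) {
        Write-Output 'No AutoConfigURL set for this user; nothing to remove.'
        return $false
    }
    # Record what was found before changing anything: the PAC URL is the indicator here.
    "$(Get-Date -Format o) user=$env:USERNAME AutoConfigURL=$url" | Add-Content -Path $EvidenceLog
    Remove-ItemProperty -Path $InetKey -Name 'AutoConfigURL' -Force
    Write-Output "Removed AutoConfigURL ($url); recorded in $EvidenceLog."
    return $true
}

# Usage (run in the affected user's session, since the value lives under HKCU):
# Get-AutoConfigUrl
# Remove-MaliciousAutoConfigUrl
```

Because the value sits under HKCU, a check run as an administrator only inspects the administrator's own profile; to audit every account on a machine, run Get-AutoConfigUrl in each user's context or load the other users' hives. Browsers and other WinINet-based applications read the proxy configuration at startup, so restart them after removing the value.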