Cybersecurity News from VERT for the week of June 6, 2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly on the lookout for interesting stories and developments in the infosec world. Here is the cybersecurity news that caught our eye for the week of June 6th, 2022. I’ve also added some comments to these stories.

Another nation-state actor is exploiting Microsoft Follina to target European and US companies

A nation-state actor is reportedly attempting to exploit the Follina flaw in a recent spate of attacks against government agencies in Europe and the US, Security Affairs reports. The issue affects multiple Microsoft Office versions, including Office, Office 2016 and Office 2021.

DARLENE HIBBS | Security Researcher at Tripwire


Linux botnets are now exploiting Atlassian’s critical Confluence bug

Several botnets are now using exploits targeting a critical Remote Code Execution (RCE) vulnerability to infect Linux servers running unpatched installations of Atlassian Confluence Server and Data Center. Bleeping Computer notes that successful exploitation of this bug (tracked as CVE-2021-26084) allows unauthenticated attackers to create new administrator accounts, run commands, and eventually take over the server remotely to backdoor internet-exposed servers.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

CVE-2021-26084 has been actively exploited in the wild since proofs of concept were published. This vulnerability allows attackers to remotely execute code on a vulnerable system. The vulnerability was observed in the Kinsing, Hezb, and Dark IoT botnets.

CVE-2022-26134 is another vulnerability that allows attackers to run arbitrary code on systems. A proof of concept has been released for this vulnerability and it is known to be actively exploited. Atlassian has since released fixed versions and a workaround for systems that cannot be upgraded.


Tainted CCleaner Pro Cracker spreads via Black SEO campaign

Threat actors distribute information-stealing malware through search results for a pirated copy of the Windows optimizer CCleaner Pro, Security Affairs further noted on June 9th. Avast researchers uncovered the malware campaign, tracked as FakeCrack.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

CCleaner Pro pirated software was used to steal information from users. Cracked versions of the product infected systems with malware that stole sensitive information. This malware configures a proxy and then sends data to malicious users. To resolve the proxy, you can remove the AutoConfigURL registry key in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.

Pirated software is known to distribute malicious content. Users should protect themselves by using legitimate copies of software.
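
The AutoConfigURL cleanup mentioned above, as an added PowerShell example (not part of the original roundup or Tripwire's own tooling). HKCU only covers the user running the command, so this sketch checks every user hive currently loaded under HKEY_USERS; the -Remove switch name and the SID filter are assumptions of this example.

```powershell
# Added example: audit, and optionally clear, the per-user proxy auto-config value.
param([switch]$Remove)   # hypothetical switch: pass -Remove to delete the value

$subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Walk each loaded user hive instead of relying on HKCU alone.
$findings = foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    # Keep local/domain and Azure AD user SIDs; skip service accounts and *_Classes hives.
    if ($hive.PSChildName -notmatch '^S-1-(5-21|12-1)-[\d-]+$') { continue }

    $path = "Registry::HKEY_USERS\$($hive.PSChildName)\$subKey"
    $prop = Get-ItemProperty -Path $path -Name AutoConfigURL -ErrorAction SilentlyContinue
    if ($null -ne $prop) {
        [pscustomobject]@{
            Sid           = $hive.PSChildName
            AutoConfigURL = $prop.AutoConfigURL
            Path          = $path
        }
    }
}

if (-not $findings) {
    Write-Output 'No AutoConfigURL value set in any loaded user hive.'
    return
}

# Show what is configured so it can be reviewed before anything is deleted.
$findings | Format-Table Sid, AutoConfigURL -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        Remove-ItemProperty -Path $f.Path -Name AutoConfigURL
        Write-Output "Removed AutoConfigURL for $($f.Sid)"
    }
}
```

Some organizations set AutoConfigURL deliberately to point at their own PAC file, so review the listed URL before running with -Remove. Profiles of users who are not logged on are not loaded under HKEY_USERS and are not covered by this check.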

