All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories.

Another nation-state actor exploits Microsoft Follina to attack European and US entities

A nation-state actor is attempting to exploit the Follina flaw in a recent wave of attacks aimed at government entities in Europe and the U.S., reports Security Affairs. The issue affects multiple Microsoft Office versions, including Office, Office 2016, and Office 2021.

DARLENE HIBBS | Security Researcher at Tripwire

Linux botnets now exploit critical Atlassian Confluence bug

Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. Bleeping Computer notes that successful exploitation of this flaw (tracked as CVE-2021-26084) allows unauthenticated attackers to create new admin accounts, execute commands, and ultimately take over the server remotely to backdoor Internet-exposed servers.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

CVE-2021-26084 has been actively exploited in the wild since the release of proof of concepts. This vulnerability allows attackers to remotely execute code on a vulnerable system. The vulnerability has been seen in the Kinsing, Hezb, and Dark IoT botnets.

CVE-2022-26134 is another vulnerability that allows attackers to execute arbitrary code on systems. This vulnerability had proof of concepts released and is known to be actively exploited. Atlassian has since released fixed versions and a workaround for systems that cannot be upgraded.

Tainted CCleaner Pro Cracker spreads via Black SEO campaign

Threat actors spread info-stealing malware through the search results for a pirated copy of the CCleaner Pro Windows optimization program, Security Affairs noted on June 9. Researchers from Avast uncovered the malware campaign, tracked as FakeCrack.

ANDREW SWOBODA | Senior Security Researcher at Tripwire

Pirated copies of CCleaner Pro have been used to steal information from users. Cracked versions of the product infected systems with malware that harvested sensitive information. This malware configures a proxy and then sends data to malicious users. To resolve the proxy, you can remove the AutoConfigURL registry key in HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
Pirated software has been known to spread malicious content. Users should protect themselves by using legitimate copies of software.
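
The registry cleanup described above, as an added PowerShell example that is not part of the original post or Tripwire's own tooling: it reports AutoConfigURL for every loaded user hive and deletes the value only when run with the hypothetical `-Remove` switch. It assumes an elevated session (needed to read other users' hives); a legitimate corporate proxy auto-config URL appears in the same place, so the value is printed for review before anything is removed.

```powershell
# Added example: audit (and optionally remove) the AutoConfigURL proxy setting.
param(
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

# Per-user key named in the post, relative to each user's hive.
$subKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-AutoConfigUrl {
    param([string]$KeyPath)
    # Returns the AutoConfigURL value, or $null when the key or value is absent.
    $props = Get-ItemProperty -Path $KeyPath -Name 'AutoConfigURL' -ErrorAction SilentlyContinue
    if ($props) { $props.AutoConfigURL } else { $null }
}

# Loaded user hives only; the regex skips service accounts and *_Classes hives.
$sids = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $_.PSChildName }

foreach ($sid in $sids) {
    $keyPath = "Registry::HKEY_USERS\$sid\$subKey"
    $url = Get-AutoConfigUrl -KeyPath $keyPath

    if (-not $url) {
        Write-Output "[$sid] no AutoConfigURL set"
        continue
    }

    # Record the value before touching it: it is evidence of where traffic was sent.
    Write-Output "[$sid] AutoConfigURL = $url"

    if ($Remove) {
        Remove-ItemProperty -Path $keyPath -Name 'AutoConfigURL'
        Write-Output "[$sid] AutoConfigURL removed"
    }
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so those profiles are not covered by this pass.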
