Connect with us

BillQuick billing software vulnerability is actively used in ransomware attacks



The vulnerability was exploited in a ransomware attack on an American engineering company.

Cybersecurity experts have warned of a vulnerability in various versions of the popular BQE Software BillQuick billing solution, which the ransomware operators have already adopted.

The issue, identified as CVE-2021-42258, is a SQL injection vulnerability that could allow attackers to remotely execute code on a vulnerable system.

By message specialists from Huntress Labs, this vulnerability was exploited in a ransomware attack on a certain American engineering company, in particular, to gain initial access to the victim’s systems. Although the manufacturer has already fixed CVE-2021-42258, eight more vulnerabilities discovered during the investigation remain unpatched.

CVE-2021-42258 is related to the process of generating queries against SQL databases in BillQuick Web Suite 2020, which allows attackers to inject malicious SQL code through an application authorization form, remotely run a command line on a Windows system, and execute code with elevated rights (BillQuick works with system administrator privileges).

“Hackers are constantly on the lookout for easy targets and vulnerabilities to exploit — and they don’t always dig into large ‘mainstream’ applications like Office. Sometimes, a productivity tool or even an add-on can become a door through which hackers gain access to the environment and can take the next step, ”the experts warned.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Hacker hacked "smart" dog feeder and spied on the mistress



The owner of the smart dog feeder had been using this device for many years and had no problem until she heard a man’s voice coming from the feeder.

An unknown man broke into a smart dog feeder equipped with a camera, gained access to the camera and spied on the owner of one of the animals. Reported by

Smart pet feeders are popular around the world. They provide feeding of pets remotely, at the command given by a person via the Internet. In addition, many devices are equipped with webcams and speakers. With their help, the owner of the animal can admire his pet from anywhere in the world and even say a few affectionate words to him.

Australian resident Angela Cuniberti has become a victim of her love for modern devices. An unknown intruder managed to connect to the camera of her dog’s smart feeder.

One day a woman was passing by the trough and she heard a man’s voice say “Hello, beauty!” Angela was very frightened, as she thought that a stranger had got into the house. Moreover, her dog began to get very nervous and bark.

“I saw that a red light was on and I thought it was strange,” she said. The woman suspected that she was being spied on.

When Cuniberty decided to take a closer look at the camera, she heard a man’s laugh.

Angela consulted a feeder manufacturer. The company’s specialists checked the product and found out that someone had hacked into the home Wi-Fi network and gained access to the camera. This was very strange, since not long before that the woman had changed the password and was sure of its reliability.

It is unknown how long the attacker watched the girl. Now the police are looking for the hacker, and the woman has replaced the feeder with a webcam with an ordinary dog ​​bowl.

Continue Reading


Experts talk about 17 frameworks for attacks on physically isolated systems



For 15 years, 17 frameworks have been discovered that are used by APT groups in attacks on SCADA systems and ICS.

In the first half of 2020 alone, four different malicious frameworks were discovered designed to attack physically isolated networks, and the total number of these tools, paving the way for cyber-espionage and theft of classified information, reached 17 in 15 years.

“All frameworks are designed for some form of espionage, and all frameworks use USB sticks as a physical means of transferring data to and from targeted physically isolated networks.” told ESET researchers Alexis Dorais-Joncas and Facundo Muñoz in a new study.

Since physical isolation is one of the most common ways to protect SCADA systems and process control systems, government-funded APT groups are increasingly looking at critical infrastructure in the hope of injecting malware into physically isolated networks to monitor targets of interest.

According to ESET experts, frameworks are mainly designed to attack computers running Windows. At least 75% of frameworks use malicious LNK or AutoRun files on USB drives, either to initially compromise physically isolated systems or to move laterally on physically isolated networks.

Experts managed to associate some frameworks with well-known APT groupings:

Retro – DarkHotel (aka APT-C-06 or Dubnium);

Ramsay – DarkHotel;

USBStealer – APT28 (aka Fancy Bear, Sednit or Sofacy);

USBFerry – Tropic Trooper (aka APT23 or Pirate Panda);

Fanny – Equation Group;

USBCulprit – Goblin Panda (aka Hellsing or Cycldek);

PlugX – Mustang Panda;

Agent.BTZ – Turla Group.

“Each framework works differently, but they all have one thing in common – they all, without exception, use malicious USB drives. The main difference between connected and offline frameworks is how the flash drive itself has been modified, ”the researchers said.

Connected frameworks work by deploying a malicious component to a connected system that monitors the plugging of new USB drives and automatically places the malicious code needed to compromise a physically isolated system. In the case of offline frameworks like Brutal Kangaroo, EZCheese, and ProjectSauron, attackers must infect their own USB drives with malware to carry out an attack.

As a precautionary measure, organizations with critical information systems are advised to block e-mail access on connected systems, disable USB ports, “disinfect” USB drives, restrict the execution of files on removable drives, and regularly examine isolated systems for signs of suspicious activity.

Continue Reading


Simple vulnerability in smart contract software allows hacker to steal $ 31 million worth of digital currency



An accounting error in MonoX Finance’s software allowed an attacker to raise the price of the MONO token.

Blockchain startup MonoX Finance has fallen victim to cyberattacks , during which a hacker stole $ 31 million. The cybercriminal took advantage of a vulnerability in the software that the platform uses to draft smart contracts.

The company uses the MonoX decentralized financial protocol, allowing users to trade digital currency tokens without the specific requirements of traditional exchanges. An accounting error in the company’s software allowed an attacker to raise the price of the MONO token and then use it to cash out all other deposited tokens.

The cyber attack used the same token as in tokenIn and tokenOut, which are methods of exchanging the value of one token for another. MonoX updates prices after each swap, calculating new prices for both tokens. When the swap is complete, the price of tokenIn (the token sent by the user) decreases and the price of tokenOut (the token received by the user) increases.

By using the same token for both tokenIn and tokenOut, the hacker increased the price of the MONO token significantly because the tokenOut update overwritten the tokenIn price update. The hacker then exchanged the token for $ 31 million worth of tokens on the Ethereum and Polygon blockchains. MonoX Finance management attempted to contact the attacker by sending a message via a transaction on the ETH mainnet. Recall that in October of this year, an unknown attacker hacked the Discord server of the Creature Toadz NFT project and tricked community members into sending him money. In total, the hacker managed to lure out more than 88 ETH from the victims (over $ 340 thousand at the exchange rate at the time of the crime). It is noteworthy that the hacker later returned all the money.

Continue Reading

Most Popular