Hackers used billing software zero-day to deploy ransomware

LASER_oneXM

An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets' networks in ongoing attacks.
BQE Software, the company behind BillQuick, claims to have a 400,000-strong user base worldwide.

The vulnerability, tracked as CVE-2021-42258, can be triggered extremely easily via login requests with invalid characters (a single quote) in the username field, according to security researchers with the Huntress ThreatOps team.

This actively exploited vulnerability was patched on October 7 after Huntress Labs notified BQE Software of the bug.

However, the researchers also found eight other BillQuick zero-day vulnerabilities (i.e., CVE-2021-42344, CVE-2021-42345, CVE-2021-42346, CVE-2021-42571, CVE-2021-42572, CVE-2021-42573, CVE-2021-42741, CVE-2021-42742) also usable for initial access/code execution and ripe for abuse since they're still waiting for a patch.
 
