Go to listing page

Cyware Daily Threat Intelligence, March 09, 2022

Cyware Daily Threat Intelligence, March 09, 2022

Share Blog Post

Another month, another round of security updates. Microsoft has rolled out a slew of security patches for over 70 security vulnerabilities as part of the March 2022 Patch Tuesday. This includes fixes for forty-one flaws affecting Microsoft Windows. Google, on the other hand, has issued patches for 39 vulnerabilities found in the Android components. SAP’s security updates address several flaws affecting its SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher, among other products. Meanwhile, HPE has urged its customers to update their systems and devices to thwart attacks arising due to 16 newly found vulnerabilities in UEFI firmware.

Several new attack methods leveraging design flaws have also been reported in the last 24 hours. One of them is dubbed Spectre-BHI (Branch History Injection), a variant of Spectre-BTI (Branch Target Injection) attack that defies the previous defense system against Spectre attack.

Top Breaches Reported in the Last 24 Hours

Update on APT41 intrusion
There is a new update about APT41’s intrusion into the United States state government computer network. Researchers revealed that at least six state government networks were compromised by exploiting a web application flaw, CVE-2021-44207, and the recently found Log4Shell vulnerability. The intrusion had occurred between May 2021 and February 2022. 

Top Malware Reported in the Last 24 Hours

New RURansom wiper malware
Different versions of RURansom wiper malware were found targeting Russian entities. The malware, written in .NET language, includes worm-like capabilities. It disguises itself as a file named ‘Russia-Ukraine_War-Update.doc.exe’ to spread across all removable disks and encrypt the files. It encrypts all file extensions except for .bak files.

JSSLoader malware spotted
Researchers detected multiple malicious Microsoft Excel add-ins delivering JSSLoader malware. These add-ins were delivered via invoice-themed emails. The JSSLoader RAT is capable of harvesting data from the compromised systems and sending it to a C2 server.

New Nokoyawa ransomware
A relatively new Nokoyawa ransomware was reported that shares similarities with Hive ransomware. Based on the analysis, Nokoyawa leverages tools such as NirSoft and MaIXMR miner - also used by Hive ransomware, to enhance attack capabilities. The ransomware families also share the same infrastructure to deliver commands. Currently, a majority of Nokowaya’s targets are located in South America.

Top Vulnerabilities Reported in the Last 24 Hours

Microsoft addresses 71 vulnerabilities
Microsoft has fixed 71 vulnerabilities as part of the March 2022 update. Forty-one of these flaws affect Microsoft Windows, five vulnerabilities impact Microsoft Office and two are in Microsoft Exchange. Two of the vulnerabilities are rated critical and are tracked as CVE-2022-22006 and CVE-2022-24501. None of these flaws are being actively exploited in the wild.

Adobe rolls out security updates
Adobe has shipped several security updates to fix code execution vulnerabilities affecting its Illustrator and After Effects products. The patches address a range of arbitrary code execution and memory leak vulnerabilities that could expose data to malicious actors.

SAP issues security updates
SAP has released security updates to address vulnerabilities affecting its multiple products. The most serious of these is rated critical (tracked as CVE-2022-24396) and is described as a missing authorization check vulnerability in SAP Focused Run that could lead to complete system compromise. Other impacted products include SAP NetWeaver, SAP Content Server, and SAP Web Dispatcher.

Google’s security updates for Android
Patches for 39 vulnerabilities affecting Android components have been released by Google. Out of these, a total of 10 security flaws were resolved in the System component, six flaws were fixed in Framework, and one was patched in Android runtime and one in Media Framework. The most serious of these issues is CVE-2021-39798, a remotely exploitable elevation of privilege issue identified in the System component.

16 new high-severity UEFI flaws
Sixteen new high-severity vulnerabilities in various implementations of UEFI firmware have been found impacting multiple HP enterprise devices. The impacted devices include HP’s laptops, desktops, Point-of-Sale(PoS) systems, and edge computing nodes. By exploiting these flaws, attackers can conduct remote code execution attacks at the firmware level. The most severe of these flaws are related to memory corruption vulnerabilities.

Critical flaw found in Internet gateways
A new DoS amplification attack with an amplification ratio of 4 billion to 1 is being launched in the wild, according to a new report by a group of researchers. The attack leverages a flaw, CVE-2022-26143, that affects around 2600 incorrectly provisioned Mitel MiCollab and MiVoice Business Express systems that act as PBX-to-internet gateways. The attacks have been reported against financial institutions and logistics companies.

New Spectre-BHI vulnerability
Researchers have devised a new attack method that exploits previous defenses against Spectre attacks. Called Spectre-BHI (Branch History Injection), it is an extension of the 2017 Spectre-BTI (Branch Target Injection) attack. Intel tracks the new Spectre-BHI vulnerability as CVE-2022-0001 for the cross-privilege variation, and CVE-2022-0002 for the same-privilege variation. ARM tracks it as CVE-2022-23960 for both variations.

 Tags

spectre bhi branch history injection
ruransom wiper
uefi firmware
nokoyawa ransomware
hive ransomware
jssloader malware

Posted on: March 09, 2022


More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.