Zero-Day Exploit on Zimbra Used For Spying
Critical Vulnerabilities and Phishing

Critical RCE flaws in “PHP Everywhere” Plugin

Description:

Researchers have disclosed three critical remote code execution vulnerabilities in a WordPress plugin known as ‘PHP Everywhere’. PHP Everywhere allows WordPress admins to insert PHP code into pages, posts, the sidebar, or any Gutenberg block and use it to display dynamic content based on evaluated PHP expressions. The plugin is used by more than 30,000 websites, and attackers can abuse these flaws to execute arbitrary code on affected systems.

Impact:

Allows attackers to perform remote code execution.

Source:
PHP Everywhere RCE flaws threaten thousands of WordPress sites (bleepingcomputer.com)

Suggestions & Recommendations:

If you are running WordPress with the “PHP Everywhere” plugin installed, you are strongly recommended to update it to the latest version. Also, if you are running any software based on these technologies, please contact your vendors for security patches.

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

Description:

Researchers at Volexity are tracking a cyberespionage campaign run by a suspected Chinese threat actor. The threat actor exploited a zero-day cross-site scripting vulnerability in the Zimbra email platform. The campaign came in multiple waves across two attack phases. The initial phase was aimed at reconnaissance and involved emails designed to track the target. The second phase came in several waves of email messages luring targets to click a malicious, attacker-crafted link.

Technology Affected:

Zimbra version 8.8.15

Source:
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra | Volexity

Suggestions & Recommendations:

Some financial and corporate organizations in Nepal are found to be using Zimbra. If you are running the Zimbra email platform, we strongly suggest updating to the latest version. Also, if you are getting this service from vendors, please ask them to apply the patch.

Microsoft Issues 51 CVEs for Patch February Security Update, None 'Critical'

Description:

Microsoft has rolled out its February Security Update, with patches for remote code execution flaws in Windows DNS Server and SharePoint Server as well as four privilege escalation CVEs in Windows Print Spooler. In all, Microsoft released 51 CVEs, none of which were rated critical, but the update still contains plenty of serious vulnerabilities that require immediate attention. The full rundown of the February 2022 CVEs can be found here.

Source:
Experts: Several CVEs From Microsoft's February Security Update Require Prompt Attention (darkreading.com)

Suggestions & Recommendations:

Microsoft rolled out a large number of patches. Please apply them to all systems running Windows Server and Windows desktop operating systems.


Roaming Mantis’ Android Malware Targeting Europeans via Smishing Campaigns

Description:

The Roaming Mantis group is targeting Android and iOS mobile users with malware that can steal information, harvest financial data, and send texts to self-propagate. The malware is spread largely through SMS phishing (smishing).

A wave of attacks started on Thursday (10 February 2022). The campaign spreads via text messages, using fake “package delivery” notifications as a lure. The SMS contains a link and reads, “Your parcel has been sent out. Please check and accept it.”

Android users are infected with a banking trojan known as Wroba. iPhone users are redirected to a phishing page that masquerades as the official Apple website.

The Roaming Mantis group has been active since before 2018, running various financially motivated campaigns.


Source:
'Roaming Mantis' Android Malware Targeting Europeans via Smishing Campaigns (thehackernews.com)

Suggestions & Recommendations:

Advise your mobile application users, especially users of mobile banking apps, about this campaign so that they do not fall for the scam.


Monal Tech, Arjun Aryal 13 February, 2022