Search This Blog

Showing posts with label Version. Show all posts

SonicWall: Patch Critical SQL Injection Flaw Immediately


SonicWall, a security firm, issued patches to fix a severe SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products. 

SonicWall patched a significant SQL injection (SQLi) vulnerability in its Analytics On-Prem and Global Management System (GMS) products, identified as CVE-2022-22280 (CVSS score 9.4). 

“Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS and Analytics On-Prem.” reads the advisory published by the company. 

According to SonicWall experts, adding a Web Application Firewall that can identify and stop SQLi assaults can considerably lower the risk of exploitation. Hatlab DBappSecurity's H4lo and Catalpa identified the issue. The following is a list of fixed software: 
Product  and Fixed Version 
  • GMS: 9.3.1-SP2-Hotfix-2 
  • Analytics: 
Organizations are advised to upgrade to the above version as soon as possible. 

“There is no workaround available for this vulnerability,” SonicWall said. “However, the likelihood of exploitation may be significantly reduced by incorporating a Web Application Firewall (WAF) to block SQLi attempts.”

Raccoon Stealer is Back with a New Version


Bitdefender researchers recently observed that the RIG exploit kit was replacing Raccoon Stealer with the Dridex trojan as part of a campaign that began in January. The change in strategy came as a result of Raccoon Stealer briefly closing its doors in February. 

However, according to a recent assessment, the Raccoon Stealer is showing signs of life and is poised to make a significant comeback in the information stealer industry. Raccoon Stealer's operations were abruptly halted on March 25, 2022, after previously being sold on underground forums under the Malware-as-a-Service (MaaS) model since early 2019. 

The operations were stopped owing to the loss of a developer in the Russia-Ukraine conflict. At the time, the malware's profile on various forums stated that it is temporarily inaccessible and in the process of being upgraded. 

What is the most recent update? 

SEKOIA.IO investigators identified fresh actions on servers hosting the malware on June 10. They discovered multiple operational servers with a web page titled Raccoon Stealer 2.0 when looking for the stealer's management panels on the Shodan search engine. 

It is thought that the latest version has been available for purchase on Telegram since May 17. Following additional investigation, researchers discovered a new malware family known as RecordBreaker, which resembled RacconStealer v2. 

The malware was spreading in the wild. Raccoon Stealer v2 is built-in C/C++ with the help of WinApi. From its C2 servers, the virus downloads genuine third-party DLLs. The new version inherits many of the prior version's capabilities. 

These include, among other things, gathering browser and system information, taking screenshots, downloading files from drives and memory sticks, and harvesting bitcoin wallet data. 

The reappearance of well-known malware, such as Raccoon Stealer, is not a novel event in the threat environment. 

Despite setbacks, numerous malware families, including Conti and REvil, have previously made a strong return and continue to cause havoc throughout the world. As a result, companies must be aware of the strategies and tactics employed by information hackers in order to prevent assaults.