BillQuick Web Suite’s severe vulnerability may affect 400K users


THREAT LEVEL: Red.


Multiple versions of BillQuick Web Suite are affected by a critical vulnerability. An
attacker gained initial access to a US engineering company by exploiting this
vulnerability (CVE-2021-42258) and then infected the victim’s network with ransomware.
This vulnerability can be addressed by upgrading BillQuick’s BQE Software to version
22.0.9.1. Eight more vulnerabilities (CVE-2021-42344, CVE-2021-42345, CVE-2021-42346,
CVE-2021-42571, CVE-2021-42572, CVE-2021-42573, CVE-2021-42741, CVE-2021-42742)
have been uncovered, but no formal patch has been released for them.

Vulnerability Details

References

https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware

https://www.bleepingcomputer.com/news/security/hackers-used-billing-software-zero-day-to-deploy-ransomware/