Weekly Threat Digest: 28 February – 6 March 2022


For a detailed threat digest, download the PDF version of this report.

Summary at a glance:

Published Vulnerabilities: 381
Interesting Vulnerabilities: 19
Targeted Countries: 3
Targeted Industries: 5
ATT&CK TTPs: 22

The first week of March 2022 witnessed the discovery of 381 vulnerabilities, of which 19 garnered the attention of security researchers worldwide. Among these 19, there were 2 zero-days and 1 other vulnerability for which the National Vulnerability Database (NVD) is still awaiting analysis, while 18 were not present in the NVD at all. The Hive Pro Threat Research Team has curated a list of 19 CVEs that require immediate action.

Last week was dominated by the Russia and Ukraine cyber warfare: two malware families targeted Ukraine, namely HermeticWiper and IsaacWiper. These are data wiper threats that disable infiltrated systems by erasing or overwriting essential data rather than rendering it inaccessible through encryption, so there is nothing to recover even if a ransom were paid. Daxin, a sophisticated rootkit backdoor, also emerged last week; its main targets were organizations and governments of strategic interest to China. This report closes with the common TTPs associated with these malware families and CVEs.

Detailed Report:

Interesting Vulnerabilities:

Vendor: Mozilla (Firefox)
CVEs: CVE-2022-26485*, CVE-2022-26486*
Patch Link: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-stub/enUS/win/bb09da6defac4081f06e02ac17730b9b6f1e13db4315d371a03b167a2f4b3155/Firefox%20Installer.exe

Vendor: Oracle (Linux kernel, UEK)
CVEs: CVE-2022-0492
Patch Links:
https://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-container-5.4.17-2136.302.7.2.3.el7.src.rpm
https://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.3.el7uek.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-container-5.4.17-2136.302.7.2.3.el8.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.3.el8uek.src.rpm

Vendor: GitLab
CVEs: CVE-2021-4191, CVE-2022-0489, CVE-2022-0738, CVE-2022-0741, CVE-2022-0751, CVE-2022-0549, CVE-2022-0735
Patch Links:
https://gitlab.com/gitlab-org/omnibus-gitlab/-/tree/14.8.2-Security-Hotpatches/config/patches/gitlab-rails
https://about.gitlab.com/update/
https://docs.gitlab.com/runner/install/linux-repository.html#updating-the-runner

Vendor: Google (Chrome)
CVEs: CVE-2022-0789^, CVE-2022-0790^, CVE-2022-0791^, CVE-2022-0792^, CVE-2022-0793^, CVE-2022-0794^, CVE-2022-0795^, CVE-2022-0796^, CVE-2022-0797^
Patch Link: https://www.google.com/intl/en/chrome/?standalone=1

Targeted Location:

Targeted Sectors:

Common TTPs:

TA0042: Resource Development
- T1588: Obtain Capabilities
- T1588.002: Tool
- T1588.003: Code Signing Certificates

TA0001: Initial Access
- T1190: Exploit Public-Facing Application
- T1078: Valid Accounts
- T1078.002: Domain Accounts
- T1189: Drive-by Compromise

TA0002: Execution
- T1059: Command and Scripting Interpreter
- T1059.003: Windows Command Shell
- T1106: Native API
- T1047: Windows Management Instrumentation
- T1569: System Services
- T1569.002: Service Execution

TA0003: Persistence
- T1078: Valid Accounts
- T1078.002: Domain Accounts
- T1098: Account Manipulation

TA0004: Privilege Escalation
- T1078: Valid Accounts
- T1078.002: Domain Accounts
- T1068: Exploitation for Privilege Escalation
- T1611: Escape to Host

TA0005: Defense Evasion
- T1078: Valid Accounts
- T1078.002: Domain Accounts

TA0006: Credential Access
- T1056: Input Capture
- T1110: Brute Force

TA0007: Discovery
- T1087: Account Discovery
- T1018: Remote System Discovery
- T1049: System Network Connections Discovery

TA0008: Lateral Movement
- T1021: Remote Services
- T1021.002: SMB/Windows Admin Shares
- T1021.003: Distributed Component Object Model

TA0009: Collection
- T1056: Input Capture

TA0040: Impact
- T1499: Endpoint Denial of Service
- T1561: Disk Wipe
- T1561.002: Disk Wipe: Disk Structure Wipe
- T1561.001: Disk Wipe: Disk Content Wipe

Threat Advisories:

Multiple government entities targeted by China-linked Daxin malware

Destructive data wipers and worms targeting Ukrainian organizations

Thousands of GitLab instances impacted by multiple security flaws

Linux Distributions affected by a privilege escalation vulnerability

Two actively exploited zero-day vulnerabilities discovered in Mozilla Firefox