
Weekly Threat Digest: 28 February – 6 March 2022

Hive Pro (www.hivepro.com), published 2022-03-09 11:09:41

For a detailed threat digest, download the PDF file here.

Published Vulnerabilities: 381
Interesting Vulnerabilities: 19
Targeted Countries: 3
Targeted Industries: 5
ATT&CK TTPs: 22

The first week of March 2022 witnessed the discovery of 381 vulnerabilities, of which 19 garnered the attention of security researchers worldwide. Among these 19, there were 2 zero-days and 1 other vulnerability for which the National Vulnerability Database (NVD) is still awaiting analysis, while 18 were not present in the NVD at all. The Hive Pro Threat Research Team has curated a list of 19 CVEs that require immediate action. Last week was dominated by the Russia-Ukraine cyber warfare: two malware families targeted Ukraine, namely HermeticWiper and IsaacWiper. These are data wiper malware that disable infiltrated systems by erasing or wiping essential data rather than rendering it inaccessible through encryption. Daxin, a sophisticated rootkit backdoor, also emerged last week; its main targets were organizations and governments of strategic interest to China. Finally, this report lists the common TTPs that could be exploited by these malware families or CVEs.
Detailed Report:

Interesting Vulnerabilities:

Vendor: Mozilla (Firefox)
CVEs: CVE-2022-26485*, CVE-2022-26486*
Patch Link: https://cdn.stubdownloader.services.mozilla.com/builds/firefox-stub/enUS/win/bb09da6defac4081f06e02ac17730b9b6f1e13db4315d371a03b167a2f4b3155/Firefox Installer.exe

Vendor: Linux kernel (Oracle Linux UEK packages)
CVEs: CVE-2022-0492
Patch Links:
https://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-container-5.4.17-2136.302.7.2.3.el7.src.rpm
https://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.3.el7uek.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-container-5.4.17-2136.302.7.2.3.el8.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.302.7.2.3.el8uek.src.rpm

Vendor: GitLab
CVEs: CVE-2021-4191, CVE-2022-0489, CVE-2022-0738, CVE-2022-0741, CVE-2022-0751, CVE-2022-0549, CVE-2022-0735
Patch Links:
https://gitlab.com/gitlab-org/omnibus-gitlab/-/tree/14.8.2-Security-Hotpatches/config/patches/gitlab-rails
https://about.gitlab.com/update/
https://docs.gitlab.com/runner/install/linux-repository.html#updating-the-runner

Vendor: Google (Chrome)
CVEs: CVE-2022-0789^, CVE-2022-0790^, CVE-2022-0791^, CVE-2022-0792^, CVE-2022-0793^, CVE-2022-0794^, CVE-2022-0795^, CVE-2022-0796^, CVE-2022-0797^
Patch Link: https://www.google.com/intl/en/chrome/?standalone=1

Targeted Location:

Targeted Sectors:

Common TTPs:

TA0042: Resource Development
  T1588: Obtain Capabilities
  T1588.002: Tool
  T1588.003: Code Signing Certificates

TA0001: Initial Access
  T1190: Exploit Public-Facing Application
  T1078: Valid Accounts
  T1078.002: Domain Accounts
  T1189: Drive-by Compromise

TA0002: Execution
  T1059: Command and Scripting Interpreter
  T1059.003: Windows Command Shell
  T1106: Native API
  T1047: Windows Management Instrumentation
  T1569: System Services
  T1569.002: Service Execution

TA0003: Persistence
  T1078: Valid Accounts
  T1078.002: Domain Accounts
  T1098: Account Manipulation

TA0004: Privilege Escalation
  T1078: Valid Accounts
  T1078.002: Domain Accounts
  T1068: Exploitation for Privilege Escalation
  T1611: Escape to Host

TA0005: Defense Evasion
  T1078: Valid Accounts
  T1078.002: Domain Accounts

TA0006: Credential Access
  T1056: Input Capture
  T1110: Brute Force

TA0007: Discovery
  T1087: Account Discovery
  T1018: Remote System Discovery
  T1049: System Network Connections Discovery

TA0008: Lateral Movement
  T1021: Remote Services
  T1021.002: SMB/Windows Admin Shares
  T1021.003: Distributed Component Object Model

TA0009: Collection
  T1056: Input Capture

TA0040: Impact
  T1499: Endpoint Denial of Service
  T1561: Disk Wipe
  T1561.002: Disk Wipe: Disk Structure Wipe
  T1561.001: Disk Wipe: Disk Content Wipe

Threat Advisories:

Multiple government entities targeted by China-linked Daxin malware
Destructive data wipers and worms targeting Ukrainian organizations
Thousands of GitLab instances impacted by multiple security flaws
Linux distributions affected by a privilege escalation vulnerability
Two actively exploited zero-day vulnerabilities discovered in Mozilla Firefox