Today’s Jet CSIRT news highlights include a vulnerability in Adobe products, a new Android banker, and attacks on NAS devices. TOP-3 were collected by Anna Melnikova, specialist of the Jet CSIRT information security monitoring and response center at Jet Infosystems.
New vulnerability discovered in Adobe products
Adobe specialists have released a patch for another dangerous vulnerability affecting Adobe Commerce and Magento Open Source products. The issue was identified as CVE-2022-24087 and CVSS 9.8. The vulnerability is associated with incorrect processing of input data and allows an attacker to remotely execute code in the system. Recall that on February 13, developers released updates to fix a similar vulnerability CVE-2022-24086.
New Android banker infected more than 50,000 devices
Researchers at ThreatFabric, a fraud and cybercrime prevention company, have discovered a new Xenomorph banking trojan targeting Android devices. Users of dozens of financial institutions in Spain, Portugal, Italy and Belgium can become potential victims of malware. According to experts, Xenomorph made its way into the Google Play Store through generic productivity apps such as “Fast Cleaner”, which has 50,000 installs.
NAS owners vulnerable to ransomware attacks
Deadbolt ransomware targeted some Asustor NAS devices, and QNAP devices were previously subjected to a similar attack. The attackers remotely infect the victim’s devices, encrypt the information, and demand that a ransom be sent to a unique bitcoin address. In addition to a decryption key for a specific purpose, the hackers offered to buy back a decryption key for all attacked devices and information about a zero-day vulnerability for QNAP devices. Supposedly, DeadBolt gained access to NAS storage through the Asustor EZ Connect utility, which allows users to connect to their systems from anywhere in the world.