"Hackers Target SMEs Using Bug in Popular Billing Software"

A threat actor that has not yet been identified has been seen exploiting a vulnerability in the BillQuick time and billing system to carry out ransomware attacks. Cybersecurity researchers at Huntress were alerted to an incident at a U.S. engineering company managed by one of its partners. The investigation uncovered a SQL injection vulnerability in BillQuick Web Suite 2020. The researchers successfully recreated the SQL injection-based attack and confirmed that attackers could use the vulnerability to access customers' BillQuick data and run malicious commands on their on-premises Windows servers. According to the researchers, the SQL injection vulnerability, tracked as CVE-2021-42258, takes little effort to trigger: exploitation only requires submitting a login request with invalid characters in the username field. The researchers noted that the attackers were able to abuse this flaw to execute commands remotely on the victim's machine and launch an unidentified strain of ransomware. This article continues to discuss the discovery, exploitation, and disclosure of the SQL bug in BillQuick, as well as the importance of securing software used by small and medium-sized enterprises (SMEs).

TechRadar reports "Hackers Target SMEs Using Bug in Popular Billing Software"
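The root cause the article describes, a login query that treats the username field as SQL rather than as data, is easiest to see side by side with the fix. The following is an added illustration, not code from the article, from Huntress, or from BillQuick: it uses an in-memory SQLite table with a constructed schema and a constructed user, and shows (a) a lookup built by string concatenation, where a quote character in the username becomes part of the SQL and the statement breaks, (b) the same lookup with a parameterized query, where the driver binds the value and the quote is just a character, and (c) a simple allowlist check of the kind a login endpoint or log review can use to flag usernames carrying SQL metacharacters. The table name, column names and the `suspicious_username` allowlist are assumptions for the demo.

```python
import re
import sqlite3

# Constructed demo table; this is NOT BillQuick's schema (assumption for the example).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Query assembled by concatenation: the username is parsed as SQL, not as data.

    A single quote in the input closes the string literal early, so whatever
    follows is interpreted by the database engine instead of being compared."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone()


def lookup_user_safe(conn, username):
    """Parameterized query: the value is bound by the driver and never parsed as SQL."""
    return conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()


# Allowlist for usernames (assumed policy): letters, digits, dot, underscore, @, hyphen.
# Defence in depth only; it does not replace parameterized queries.
_USERNAME_OK = re.compile(r"^[A-Za-z0-9._@-]{1,64}$")


def suspicious_username(username):
    """True when the username carries characters outside the allowlist,
    e.g. quotes, semicolons or comment markers, which merit an alert."""
    return _USERNAME_OK.match(username) is None


def classify(conn, username):
    """Run both variants on one input and report what each does.

    Returns ((vuln_kind, vuln_value), (safe_kind, safe_value)) where kind is
    'row' (query ran; value is the fetched row or None) or 'error' (query failed;
    value is the exception class name)."""
    try:
        vuln = ("row", lookup_user_vulnerable(conn, username))
    except sqlite3.Error as exc:
        vuln = ("error", type(exc).__name__)
    safe = ("row", lookup_user_safe(conn, username))
    return vuln, safe


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'brien"):
        vuln, safe = classify(db, name)
        print(f"{name!r}: concatenated={vuln} parameterized={safe} "
              f"flagged={suspicious_username(name)}")
```

For the benign username both variants return the same row. For a username containing a quote, the concatenated statement fails with a database syntax error, which is the "invalid characters in the username field" symptom the article describes and a sign that the input reached the SQL parser; the parameterized version simply finds no such user. The allowlist check flags the same input at the edge, which is useful for alerting on login requests even before the application code is patched.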

 
