Most prevalent Malware files and notable recent Security issues MAY 26-JUNE 2, 2022

Notable Recent Security Issues

  • Follina exploit in Microsoft Office gives attackers potential backdoor to code execution

Description: Security researchers and Microsoft are warning of a zero-day vulnerability in Office that could allow an attacker to run malicious code on targeted systems. The vulnerability, tracked as CVE-2022-30190, exists in Microsoft Word’s remote templating feature, unlike traditional Office vulnerabilities that rely on macros. If successful, an attacker could load malware onto targeted machines from remote servers while bypassing Microsoft Defender’s anti-virus scanner. This issue affects every version of Microsoft Office currently receiving updates, with some affected versions dating back to 2003. Although no patch was available as of Tuesday, Microsoft did publish remediation guidelines to keep the vulnerability from being exploited.

References

– https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/

– https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190

Snort 2 rules: 59889 – 59894

Snort 3 rules: 300192 – 300194

ClamAV signature: Win.Exploit.CVE_2022_30190-9951234-1

  • Vulnerabilities in Open Automation Software Platform could lead to information disclosure, denial of service

Description: Cisco Talos recently discovered eight vulnerabilities in the Open Automation Software Platform that could allow an adversary to carry out a variety of malicious actions, including improperly authenticating into the targeted device and causing a denial of service. The OAS Platform facilitates the simplified data transfer between various proprietary devices and applications, including software and hardware. The most serious of these issues is TALOS-2022-1493 (CVE-2022-26082), which an attacker could exploit to gain the ability to execute arbitrary code on the targeted machine. This issue has a severity score of 9.1 out of a possible 10. Another vulnerability, TALOS-2022-1513 (CVE-2022-26833) has a 9.4 severity score and could lead to the unauthenticated use of the REST API.

References

– https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html

Snort SIDs: 59275 – 59279, 59732

Interesting News from Around The Security Community 

  • Computer systems belonging to Costa Rica’s public health ministry were offline as of Tuesday afternoon after an attack from the Hive ransomware group, just weeks after the Conti group targeted other critical government systems.

https://www.bleepingcomputer.com/news/security/costa-rica-s-public-health-agency-hit-by-hive-ransomware/

  • Twitter agreed to pay a $150 million fine to the U.S. Federal Trade Commission over improper use and sale of users’ personal data.

https://www.npr.org/2022/05/25/1101275323/twitter-privacy-settlement-doj-ftc

  • The SideWinder APT is suspected to be behind at least 1,000 cyber attacks over the past two years.

https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html

  • Italy’s cybersecurity agency warned of incoming cyber attacks targeting both public and private sector networks.

https://www.itpro.co.uk/security/cyber-warfare/367859/russian-killnet-cyber-attacks-begin-on-italian-linked-businesses

  • China recently picked up its public warnings of alleged incoming cyber attacks from the US, but these warnings are built off years-old technical details.

https://arstechnica.com/information-technology/2022/05/the-mystery-of-chinas-sudden-warnings-about-us-hackers/

  • The ChromeLoader malware that hijacks the Google Chrome web browser recently added new features, specifically posing a threat to business users.

https://www.darkreading.com/application-security/chromeloader-malware-hijacks-browsers-iso-files 

Recent Vulnerabilities with Available Exploits 

This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.

ID: CVE-2022-23657, CVE-2022-23658, CVE-2022-23660                          

  • Arbitrary code execution vulnerability in Aruba ClearPass Policy Manager

Description: Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.

CVSS v3.1 Base Score: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

ID: CVE-2022-28348                          

  • Improper GPU memory use in Mali GPU Kernel Driver

Description: The vulnerability affects Midgard GPU Kernel Driver: All versions from r4p0 – r31p0, Bifrost GPU Kernel Driver: All versions from r0p0 – r36p0, and Valhall GPU Kernel Driver: All versions from r19p0 – r36p0. A non-privileged user can make improper operations on GPU memory to enter a use-after-free scenario. This issue is fixed in Bifrost and Valhall GPU Kernel Driver r37p0.

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-28349                         

  • Mali GPU Kernel Driver allows access to already freed memory    

Description: The vulnerability affects Midgard GPU Kernel Driver: All versions from r28p0 – r29p0, Bifrost GPU Kernel Driver: All versions from r17p0 – r23p0, and Valhall GPU Kernel Driver: All versions from r19p0 – r23p0. A non-privileged user can obtain access to already freed memory. This issue is fixed in Bifrost and Valhall GPU Kernel Driver version r24p0 and Midgard GPU Kernel Driver version r30p0 release.   

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

ID: CVE-2022-28349                         

  • Mali GPU Kernel Driver allows access to already freed memory   

Description: The vulnerability affects Valhall GPU Kernel Driver: All versions from r29p0 – r36p0. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This issue is fixed in Valhall GPU Kernel Driver r37p0.   

CVSS v3.1 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Most Prevalent Malware Files May 26-June 2, 2022

SHA 256: e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934

MD5: 93fefc3e88ffb78abb36365fa5cf857c

VirusTotal: https://www.virustotal.com/gui/file/e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934/details

Typical Filename: Wextract

Claimed Product: Internet Explorer

Detection Name: PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

SHA 256: 125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645 

MD5: 2c8ea737a232fd03ab80db672d50a17a 

VirusTotal: https://www.virustotal.com/gui/file/125e12c8045689bb2a5dcad6fa2644847156dec8b533ee8a3653b432f8fd5645/details

Typical Filename: LwssPlayer.scr 

Claimed Product: ????????? 

Detection Name: Auto.125E12.241442.in02

SHA 256: 4b34e3637fa7af93ab628ae5adad2c7f3464053316963297844324a4f649a206

MD5: 3632f27604f5a82cf73b9ade710a1656

VirusTotal: https://www.virustotal.com/gui/file/4b34e3637fa7af93ab628ae5adad2c7f3464053316963297844324a4f649a206/details

Typical Filename: mediaget_installer_467.exe

Claimed Product: N/A

Detection Name: FileRepPup:MediaGet-tpd

SHA 256: a9f7d7525aad1c7007ae9d1d3fc531a1065b28225c5b7efb7347aaf77d9aba92

MD5: 8f90e544a48d75f42f9d44811320689c

VirusTotal: https://www.virustotal.com/gui/file/a9f7d7525aad1c7007ae9d1d3fc531a1065b28225c5b7efb7347aaf77d9aba92/details

Typical Filename: tata communications wholesale retai lpak ncl ethopia napal spice srilanka bd cli bangladesh.wsf

Claimed Product: N/A

Detection Name: Xml.Dropper.Valyria::100.sbx.vioc

SHA 256: 85B936960FBE5100C170B777E1647CE9F0F01E3AB9742DFC23F37CB0825B30B5

MD5: 8c80dd97c37525927c1e549cb59bcbf3

VirusTotal: https://www.virustotal.com/gui/file/85b936960fbe5100c170b777e1647ce9f0f01e3ab9742dfc23f37cb0825b30b5/detection

Typical Filename: Eternalblue-2.2.0.exe

Claimed Product: N/A

Detection Name: Win.Exploit.Shadowbrokers::5A5226262.auto.talos
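Lists like the one above are usually ingested into a blocklist or a SIEM watchlist, and two things go wrong in practice: hash case differs between entries (one SHA-256 above is uppercase while its VirusTotal link is lowercase), and a field is sometimes lost to encoding (the `?????????` product name). The parser below is an added example, not newsletter or vendor code; it reads the entry format used above (`SHA 256:` / `MD5:` / `VirusTotal` link / `Typical Filename:` / `Claimed Product:` / `Detection Name:`), lowercases and validates each hash, cross-checks the hash embedded in the VirusTotal URL, and records a warning rather than silently passing a malformed indicator downstream. The sample text is constructed with placeholder hashes, not the newsletter's values.

```python
import re

# Constructed sample in the newsletter's entry shape (placeholder hashes, not real IoCs).
SAMPLE_ENTRIES = """\
SHA 256: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
MD5: 0123456789abcdef0123456789abcdef
VirusTotal: https://www.virustotal.com/gui/file/00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff/details
Typical Filename: sample-one.exe
Claimed Product: N/A
Detection Name: Constructed.Detection.One
SHA 256: FFEEDDCCBBAA99887766554433221100FFEEDDCCBBAA99887766554433221100
MD5: not-a-hash
VirusTotalhttps://www.virustotal.com/gui/file/ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100/detection
Typical Filename: sample two.scr
Claimed Product: ?????????
Detection Name: Constructed.Detection.Two
"""

HEX = {
    "sha256": re.compile(r"^[0-9a-f]{64}$"),
    "md5": re.compile(r"^[0-9a-f]{32}$"),
}
FIELD_MAP = {
    "SHA 256": "sha256",
    "MD5": "md5",
    "Typical Filename": "filename",
    "Claimed Product": "product",
    "Detection Name": "detection",
}
# Accepts both "VirusTotal: https://..." and the run-together "VirusTotalhttps://..." form.
VT_RE = re.compile(r"https://www\.virustotal\.com/gui/file/([0-9A-Fa-f]{64})/")


def parse_entries(text):
    """Split newsletter text into one record per 'SHA 256:' entry."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SHA 256:"):
            current = {"warnings": []}  # a new entry starts at each SHA 256 line
            entries.append(current)
        if current is None:
            continue  # stray text before the first entry
        if line.startswith("VirusTotal"):
            m = VT_RE.search(line)
            current["vt_sha256"] = m.group(1).lower() if m else None
            continue
        label, sep, value = line.partition(":")
        key = FIELD_MAP.get(label.strip())
        if sep and key:
            current[key] = value.strip()
    return [_normalize(e) for e in entries]


def _normalize(entry):
    """Lowercase and validate hashes; flag encoding loss; cross-check the VT link."""
    for algo, pattern in HEX.items():
        value = entry.get(algo, "").lower()
        if pattern.match(value):
            entry[algo] = value
        else:
            entry["warnings"].append(f"{algo} malformed: {entry.get(algo)!r}")
            entry[algo] = None
    entry["vt_matches"] = (
        entry.get("vt_sha256") is not None and entry["vt_sha256"] == entry["sha256"]
    )
    product = entry.get("product")
    if product and set(product) == {"?"}:
        entry["warnings"].append("product name lost to encoding")
        entry["product"] = None
    return entry


def blocklist(entries):
    """Sorted, de-duplicated SHA-256 values that passed validation."""
    return sorted({e["sha256"] for e in entries if e["sha256"]})


if __name__ == "__main__":
    for rec in parse_entries(SAMPLE_ENTRIES):
        print(rec["sha256"], rec["filename"], rec["warnings"])
```

Only validated SHA-256 values reach `blocklist()`; the MD5 is kept for correlation with older tooling but never used as the blocking key, since a malformed or collided MD5 should not block a file.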

The information contained in this newsletter, including any external links, is provided “AS IS,” with no express or implied warranty, for informational purposes only. The original information comes from the SANS Institute.
