Hackers target SMEs using bug in popular billing software

An as-yet-unidentified threat actor has been observed exploiting a vulnerability in time and billing system BillQuick to deploy ransomware.

Cybersecurity sleuths at Huntress were triggered by a malicious incident at a US engineering company managed by one of its partners. Investigating the incident, the researchers discovered a SQL injection vulnerability in BillQuick Web Suite 2020.

Source link