Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price.

Enterprises are spending nearly $1,200 a year per employee to address the risk that cloud-based workforce collaboration apps bring to their business. 

It's a well-known reality at this point that with corporate workers more dispersed than ever due to the changing work patterns introduced during the pandemic, enterprises are increasingly relying on new Web-based tools beyond email. These include cloud-based messaging, storage, shared workplaces, customer relationship management (CRM), and other apps and services.

The problem is, these tools also have widely expanded the attack surface for threat actors and increased exposure of corporate assets to the internet. Cybercriminals have quickly recognized the opportunity to exploit this reality — helped along by the fact that many of these apps are largely unproven, security-wise, according to a white paper published Nov. 22 by Osterman Research and sponsored by Perception Point.

"Threat actors have responded quickly to the emergence of new channels for employee productivity and collaboration," the researchers wrote.

Specifically, organizations are now paying $1,197 per employee each year to address successful cyber incidents across email services, cloud collaboration apps or services, and Web browsers — meaning a 500-employee company spends, on average, $600,000 on an annual basis, the researchers found. This cost excludes compliance fines, ransomware mitigation costs, and business losses from non-operational processes, they said.

Researchers ran a survey of 250 security and IT decision-makers to parse this surge in malicious incidents against these new services, and found that 60% of the attack attempts arrive via email — which remains the most widely attacked enterprise service, the researchers found.

Moreover some attacks — such as those involving malware installed on an endpoint — are occurring with even more frequency, up 87%.

The situation is only likely to get worse, with more than 70% of respondents believing the frequency of security threats will remain the same or increase over the next two years, the researchers said. This outlook is due to the time organizations need time to respond to the rapid rate of expansion in the use of these apps and adjust their new security posture accordingly, they acknowledged.

**Too Many Cloud Collaboration Apps?**

On average, organizations surveyed said they use about six various apps and services for communication and collaboration across their workforce. 

Among the most popular apps being used for workforce collaboration now include messaging apps such as Microsoft Teams, Slack, or WhatsApp; cloud storage and collaboration apps such as Google Drive, OneDrive, SharePoint, or Box; shared workspaces such as Microsoft Teams, Google Workspace, or Huddle; enterprise social networks such as Facebook Workplace, Jive, or Microsoft Yammer; CRM tools such as Salesforce, HubSpot, Zendesk, or Microsoft Dynamics CRM; cloud storage services such as AWS S3 buckets or Microsoft Blob Storage; and online meeting tools such as Zoom, WebEx, or Microsoft Teams meetings.

Moreover, employees also use a host of unsanctioned communication and cloud collaboration apps, such as personal Dropbox storage accounts or personal Zoom accounts, which also put the enterprise at risk.

There have been recent security incidents that highlight the vulnerability of these apps and why enterprises should be paying close attention. Researchers from Varonis Threat Labs, for instance, recently found multiple security vulnerabilities — including a nasty SQL injection bug — in Zendesk's Web-based CRM platform that could have allowed attackers to access sensitive information from potentially any customer account.

Meanwhile, legions of databases — and, thus, customers' personally identifiable information (PII) — are being inadvertently exposed to the Internet monthly through a feature of Amazon Relational Database Service, a popular cloud-based data-backup service offered by Amazon Web Services, according to recent research from the Mitiga Research Team.

Both of these incidents demonstrate the security weaknesses lurking in the cloud-based apps that are becoming the backbone of enterprise workforce collaboration, with 19% of respondents acknowledging that they use as many as nine of these tools, significantly increasing their attack surface, the researchers said.

"Using such a wide range of tools increases the amount of vectors which attackers can target," they wrote.

Not only are there more attacks against these apps and services but they're also increasing in sophistication, the researchers found. A full 72% of respondents indicated that attacks against cloud storage services have grown more sophisticated over the past year, and 57% said the same about attacks against email.

"This trend is especially concerning given the rapid rate of adoption of new cloud-based apps and services," the researchers noted.

**How to Respond**

The situation clearly demands a response from enterprises, which have a number of options for how they can address and minimize their risk of attack against these various apps and services, the researchers said.

However, it will take some effort on their part, including an updating of traditional security postures, noted Michael Sampson, senior analyst at Osterman Research

"Organizations cannot afford — financially or reputationally — to rely on outdated approaches," he said in a press statement. "Our survey demonstrates the clear need for agile and holistic threat prevention solutions."

Enterprises are already on the case, according to the report. Some ways organizations said they will try to mitigate the situation in the coming year include deploying at least one new security tool to combat threats, with 69% of respondents saying they plan to deploy three or more.

Enterprises also should be consolidating their security stack for more holistic and efficient threat protection, as well as leveraging managed services to support their security teams with scalable and flexible incident response capabilities, the researchers advised.

"Fast, holistic, and accurate threat prevention across all channels is singularly important in an era of increasingly frequent and sophisticated cyber incidents," they wrote.

Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps

Ubuntu Security Notice 5716-2 - USN-5716-1 fixed a vulnerability in SQLite. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

    =========================================================================Ubuntu Security Notice USN-5716-2November 21, 2022sqlite3 vulnerability=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 ESMSummary:SQLite could be made to crash or run programs if it received speciallycrafted input.Software Description:- sqlite3: C library that implements an SQL database engineDetails:USN-5716-1 fixed a vulnerability in SQLite. This update providesthe corresponding update for Ubuntu 14.04 ESM.Original advisory details: It was discovered that SQLite incorrectly handled certain long string arguments. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 ESM:  libsqlite3-0                    3.8.2-1ubuntu2.2+esm3In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5716-2  https://ubuntu.com/security/notices/USN-5716-1  CVE-2022-35737

Ubuntu Security Notice USN-5716-2

Red Hat Security Advisory 2022-8560-01 - The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database contains a JDBC driver to support a subset of ANSI-92 SQL.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: hsqldb security update  
Advisory ID:       RHSA-2022:8560-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8560  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-41853  
====================================================================  
1. Summary:

An update for hsqldb is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch  
Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The hsqldb packages provide a relational database management system written  
in Java. The Hyper Structured Query Language Database (HSQLDB) contains a  
JDBC driver to support a subset of ANSI-92 SQL.

Security Fix(es):

* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
hsqldb-1.8.1.3-15.el7_9.src.rpm

noarch:  
hsqldb-1.8.1.3-15.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
hsqldb-demo-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-javadoc-1.8.1.3-15.el7_9.noarch.rpm  
hsqldb-manual-1.8.1.3-15.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41853  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3vJxNzjgjWX9erEAQiSUw//UJFY2xsCnIsTAIyksjQG0oVvUVtrZgmS  
zXX1zlCtPSaPbnyvXQx2bYC+WfP3V5/8n4/9V6OVQruaPCfgk50074FarBRWNl3c  
JijAfca6orVZcOmYI8thSte1XX8gTr0y8Nz5/Uh00ocEt6gJlrvebUFW9PxiqITi  
7jkbySojkJ8JQy/sXv0/o6ZF2lTIb5p2YIZHb/BloCcoUmm2ZKY0TwA9BY9gEEb6  
7UFccLSIG4/HWx7v2N9Wvku1osidtLc1i2dvkah60AM/B3gWA0daRm4eOZPSyNHs  
IN2C8B8J9PCFKqouCQ5muYtK0JtV5jJjhDD7M7RWcAF4TFDHrjHrPXUifp6m/JHj  
qwkEeCoj2UtX+nNWN0J4typ9x2vDBqsAH+PfLhg6Dsk6VtVe840+zCwB2m9v2dic  
bZUXtatqn3Mn599f35WmASw4F1puhqdt9chcfsF2kvqx8nFmrRix3KKIQsdl/K58  
W9UdasDiOD8PV0pN5LULv3vtzk6PCJJMvKp3VFWcm3JsqNEEXYCCvDF7FATZYCqB  
B5dE72yuwz7bUyHLw23z7uV96KbQYfd0djbkNDqfSdfCvuy8UzDiu4CMjIBDtxm/  
F0//LAUZKSc2xovaJho9tU6EcpuYzKe24o9yxXjl/Pg3pBeY2pDlExUzoFW+BpO/  
D6Z1tkBjj8E=VAOx  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8560-01

Red Hat Security Advisory 2022-8559-01 - The hsqldb packages provide a relational database management system written in Java. The Hyper Structured Query Language Database contains a JDBC driver to support a subset of ANSI-92 SQL.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: hsqldb security update  
Advisory ID:       RHSA-2022:8559-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8559  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-41853  
====================================================================  
1. Summary:

An update for hsqldb is now available for Red Hat Enterprise Linux 6  
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - noarch  
Red Hat Enterprise Linux Server Optional (v. 6 ELS) - noarch

3. Description:

The hsqldb packages provide a relational database management system written  
in Java. The Hyper Structured Query Language Database (HSQLDB) contains a  
JDBC driver to support a subset of ANSI-92 SQL.

Security Fix(es):

* hsqldb: Untrusted input may lead to RCE attack (CVE-2022-41853)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
hsqldb-1.8.0.10-13.el6_10.src.rpm

noarch:  
hsqldb-1.8.0.10-13.el6_10.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 6 ELS):

Source:  
hsqldb-1.8.0.10-13.el6_10.src.rpm

noarch:  
hsqldb-1.8.0.10-13.el6_10.noarch.rpm  
hsqldb-demo-1.8.0.10-13.el6_10.noarch.rpm  
hsqldb-javadoc-1.8.0.10-13.el6_10.noarch.rpm  
hsqldb-manual-1.8.0.10-13.el6_10.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41853  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3vJvtzjgjWX9erEAQjU1w/+PsYWR9Dx+uh+4feHX3PKCpDXDOxnNo9O  
K0UlAzR6/wsyH2ITI+sgcHIgVaEZH2eW7KegS+bxVC4LGW37cnF3bk1LOaHccBXt  
zd9O/Y+P63+pDLgqgHF3hoYWr20tm+fjnIy35LprMiui2P61dq21zgjEaEZJgybJ  
h4IaKCLFsEDwRc12/NNnCP27vnN8ScehBTs5dDfWEeeE6KgQ446KiPNTq2jTGIYg  
z+BOD8o52EzACRqsu7pCW7wVGMACYsteL8wBEsNACF1H3yfmIB9lzil0tNOsQYrj  
V/XhmeSjCbU+PUQxmYYt8lYfs1w7/uyz2xtb34Yy3AmaVZt8iR30PdJZ8D7j0H2c  
mDzspmf0/n1jaRjgUTadVFMY2OjSRefhEbOVXFNsMf2y/qOfgPqoSIZNJf8tRDl4  
PFGGiBK+K3Ud6IlvGtdmoEP8I2dSXD4eVHG/nlnsqgxP0KPkLT9lD0ZcyUPTXAdV  
1MFy6Od+V2p++sEgueCJ8kS9Sx7KUEezNWLZeHDLCrc7Pr68vZuw7zj0adY0gbVr  
/nAYVf6iq23nvoVRMbc+SjdyyMXQ4hrNdWA39l6dSPHzu+V27g7slZwqIYwSDilf  
6Psmzn/pZRLDUCVwMVuGyKlNdFOaltao5rRvB+nGeXtuN/OHNvWBDW6zpMUtY9ZP  
jnoZbLy6lIw=VjuI  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8559-01

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

CVE-2022-3910: 🐧🕺

KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php.

This release is meant for offline web development on localhost server. It still can function on live domains, but might run into potential problems in some rare cases.

Uses PHPMailer plugin to setup SMTP servers on localhost. This was essential for windows, but works on Unix Operation Systems as well.

CVE-2022-42098: Release Development Release  · msaad1999/KLiK-SocialMediaWebsite

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the endDate parameter at getOrderReport.php.

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

CVE-2022-43215: CVE/CVE-2022-43215(sql in getOrderReport.php).md at main · Qrayyy/CVE

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php.

CVE-2022-43214: CVE/CVE-2022-43214(sql in printOrder.php).md at main · Qrayyy/CVE

File upload vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to upload arbitrary files via /system/application/libs/js/tinymce/plugins/filemanager/dialog.php and /system/application/libs/js/tinymce/plugins/filemanager/upload.php.

**Usage**

    python exp.py http://localhost/isic
    

**ISIC RCE details**

Multiple vulnerabilities in isic.lk tour booking website (info leak / SQL Injection / file upload ) lead to RCE.

First we get website admin username with information disclosure vulnerability, then we use sqli to bypass login, and finally we upload a webshell to target's local system.

**1.info leak**

path: /system/user/modules/mod\_users/controller.php

post param: action=view

now we get an account username 'admin'.

**2.bypass login**

we use sql injection to bypass login and make our PHPSESSION (in cookie) work.

path: /system/user/modules/mod\_users/controller.php

post param: action=doLogin&username=admin' union select 1,2,3,4,5,6,'0192023a7bbd73250516f069df18b500',8,9 limit 1,1#&password=admin123

tips: in file '/system/user/modules/mod\_users/helper.php' you will see the login logic like follow code :

          function selectByUsername() {
                $this->MDatabase->select($this->table_name, "*", "username='" . $this->username() . "'", "id DESC");
                return $this->MDatabase->result;
          }
    

and '/system/user/modules/mod\_users/controller.php':

It means we could not bypass login with something like username=admin' and 1=1 -- - , but we could use 'union select' to set password's md5 with function 'selectByUsername()' . Now we can bypass login based on the number of fields with 'user' table which we actually know , set the value of 'password' to some string's md5 that we know like 'admin123' , it will return {"code":"200","msg":"Successfully Logged In. Please Wait..."}.

**3.upload webshell**

For some reason, you need to make a request with '/system/application/libs/js/tinymce/plugins/filemanager/dialog.php?type=0&editor=mce\_0&field\_id=selected\_file' otherwise the upload will fail. So we send a GET request :

Now upload webshell.

path: /system/application/libs/js/tinymce/plugins/filemanager/upload.php

check for success:

CVE-2022-30529: GitHub - killmonday/isic.lk-RCE: isic.lk tour booking website multi vuln (sqli/ file upload / info leak) lead to RCE

MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.

**Impact**

SQL injection vulnerability in the Admin CP's _Users_ module allows remote authenticated users to modify the query string via direct user input or stored search filter settings.

The vulnerable module requires Admin CP access with the _Can manage users?_ permission.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

**Details**

Column names related to custom profile fields, used in SQL queries constructed in the build_users_view() function - used for applying views, showing referred users, and searching for users - are not escaped correctly, resulting in a SQL injection vulnerability.

The vulnerable string $userfield_sql is used in an SQL query executed at:  
https://github.com/mybb/mybb/blob/mybb\_1831/admin/modules/user/users.php#L3459

**Patches**

MyBB 1.8.32 resolves this issue with the following changes:

*   Commit: 68b7abe
    *   .patch: https://github.com/mybb/mybb/commit/68b7abe2bcddf663eefe733163ff2c0f33205609.patch

**References**

*   Release Notes: https://mybb.com/versions/1.8.32/

**For more information**

Go to mybb.com/security to report possible security concerns or to learn more about security research at MyBB.

**Contact**

The security team can be reached at security@mybb.com.

Tag

#sql