BQE Web Suite Billing App Rigged to Inflict Ransomware
Discovered by Huntress Labs earlier this month, the ongoing attacks focus on an SQL-injection bug in the BQE Web Suite from BQE Software.
102621 08:41 UPDATE: BQE clarified that the vulnerability affects BQE Web Suite customers, not BillQuick Web Suite customers, and that Huntress' reference to BillQuick was inaccurate.
102621 08:36 UPDATE: BQE told Threatpost that its engineering team is aware of the issue with customers of BQE Web Suite and noted that the vulnerability has already been patched.
With regard to the additional vulnerabilities identified by Huntress, the company is actively investigating and expects a short-term patch to the BQE Web Suite vulnerabilities to be in place by end of day, Tuesday, Oct. 26, along with a timeline on when a full fix will be implemented.
Its statement continued: "To our knowledge, the issue with BQE Web Suite has only affected two of our customers; we will be proactively communicating to the remainder of our BQE Web Suite customers the existence of these issues, when they can expect the issues to be resolved, and what steps they can take in the interim to minimize their exposure."
BQE clarified that the vulnerability only affects BQE Web Suite customers, not BillQuick Web Suite customers.
News URL
https://threatpost.com/bqe-web-suite-billing-app-ransomware/175720/