October 2023

7 Types of Social Engineering Attacks

When a ransomware group launched twin cyber attacks on casino giants MGM and Caesars, they only needed the accidental participation of the organizations’ outsourced IT help desk to get started. It was social engineering — in this case impersonation over the phone, or vishing — that gave the hackers the information they needed to launch a ransomware attack that cost both casinos millions.

Arctic Wolf Always Ahead: Gartner Peer Insights Customers' Choice in Managed Detection & Response

Arctic Wolf was named as the Customers’ Choice for North America in the July 2023 Gartner® Peer Insights™ ‘Voice of the Customer: Managed Detection and Response Services’. Our Chief Product Officer Dan Schiappa explains how we continue to differentiate our approach to MDR with a full-service cloud-native platform that is praised by organizations worldwide for its efficacy, efficiency, and scale as attack vectors widen and existing endpoint solutions alone fail to protect organizations.

Arctic Wolf Always Ahead: Managed Security Awareness

Our Chief Product Officer Dan Schiappa explains the differentiated approach Arctic Wolf takes to Managed Security Awareness®, making security education as simple and effective as possible for our customers. With Hollywood-quality production and entertaining material, Arctic Wolf's approach to micro-learning is both fast and fun.

CVE-2023-46747: Critical Unauthenticated RCE Vulnerability in F5 BIG-IP

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If the vulnerability is successfully exploited, a threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. CVE-2023-46747 is exploitable if the Traffic Management User Interface is exposed to the Internet.

CVE-2023-34048: Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation

On October 25, 2023, VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by VMware. The vulnerability has received a critical severity rating from VMware, as it could potentially allow a remote, unauthenticated threat actor to achieve remote code execution if successfully exploited.

CVE-2023-20198: Actively Exploited Privilege Escalation Vulnerability in Cisco IOS XE

On October 16, 2023, Cisco published a security advisory regarding an actively exploited and unpatched privilege escalation vulnerability in the Web UI feature of the Cisco IOS XE operating system, both physical and virtual. The vulnerability could allow a remote, unauthenticated threat actor to create an account with maximum privileges (privilege level 15 access) on the affected device. Due to these factors, Cisco has given this vulnerability the maximum possible CVSS score of 10.

Data Exposure Misconfiguration Issue in ServiceNow (Potential Public List Widget Misconfiguration)

On October 18, 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue lies in the Access Control Lists (ACLs) within ServiceNow, which, if misconfigured, could result in unauthenticated threat actors being able to access data. The issue was discovered by a security engineer at AppOmni, and was disclosed to the public in a blog on October 14, 2023.

CVE-2023-20101: Critical Authentication Bypass Vulnerability in Cisco Emergency Responder

On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an unauthenticated, remote threat actor to use the root account (which by default has hard-coded credentials that cannot be altered) to log into an affected device.

CVE-2023-22515: Critical Privilege Escalation Vulnerability in Confluence Data Center and Server

On October 4, 2023, Atlassian issued a security advisory revealing potential active exploitation of a previously unknown vulnerability (CVE-2023-22515, CVSS: 10) affecting Confluence Data Center and Server instances that are on-premises. This vulnerability can enable an unauthenticated, anonymous remote threat actor to escalate privileges by creating unauthorized Confluence administrator accounts and accessing Confluence instances across multiple versions of Confluence Data Center and Server.

Arctic Wolf + Revelstoke: SOARing to New Heights Together

Security orchestration, automation, and response (SOAR) has an opportunity to be a game changer in how we tackle cyber risk, but there is a significant disconnect between the promises made by existing SOAR platforms and how organizations are able to realize their real-world operational and cost-saving efficiencies. All those automations that promise to eliminate late hours working on mundane stuff. All the orchestrations that promise to get things done faster.

CVE-2023-4863: Critical Vulnerability in Widely Used libwebp Library

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was used in a zero-click exploitation chain by the NSO Group. Shortly after, on September 11, 2023, Google released an update to fix a buffer overflow vulnerability (CVE-2023-4863) in Google Chrome, which was reported by Apple’s Security Engineering and Architecture (SEAR) and Citizen Lab.

CVE-2023-40044, CVE-2023-42657: Two Critical Vulnerabilities Impacting Progress WS_FTP Server

On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating. CVE-2023-40044 (CVSS 10) is a deserialization vulnerability that affects the Ad Hoc Transfer module and could allow a threat actor to obtain remote code execution if successfully exploited.

CVE-2023-42115: Critical RCE Vulnerability in Exim

On October 2, 2023, Exim released security fixes for an out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115, CVSS: 9.8). This vulnerability affects the Simple Mail Transfer Protocol (SMTP) service and is caused by improper validation of user input. A threat actor can remotely exploit CVE-2023-42115 by writing data beyond the boundaries of a buffer, which leads to the execution of arbitrary code.