On July 18th, 2023, Citrix disclosed a critical authentication bypass vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers, and was responsibly disclosed to Citrix. This vulnerability could allow a threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other types of malicious campaigns.

The rise of remote work and the move to the cloud, as well as the rising rate and increased complexity of cyber attacks, have fundamentally changed the security landscape. Set-it-and-forget it tools are no longer enough. To truly protect yourself from modern cyber threats you need 24×7 monitoring, detection and response. However, even that doesn’t look the same anymore.

On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access.

A manufacturing organization became the target of a business email compromise (BEC) attack. The threat actor utilized stolen credentials and then hoped a prompt-bomb attack will work — it did, and the threat actor was able to take over the user’s inbox. While, thankfully, this incident was detected and responded to by Arctic Wolf before more damage was done, BEC attacks are becoming more common and more successful by the month.

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects proxy policies and/or firewall policies with proxy mode and SSL deep packet inspection enabled. This CVE was discovered and responsibly disclosed to Fortinet by security researchers.

Too often, organizations find themselves stuck in a cycle of reacting to threats; figuring out how to stop a business email compromise attack or trying to find a threat actor who’s activated malware in the system. This leaves often short-staffed and overworked IT teams without the bandwidth to focus on the proactive side of cybersecurity.

Summer is here, and things are heating up in the cybersecurity sphere. June saw a third-party vulnerability spiral into the furthest-reaching cyber attack of the year thus far, while separate attacks cut into summer plans for gamers, vacationers, and commuters alike.

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting the MOVEit Transfer web application. These vulnerabilities were responsibly disclosed to Progress Software by researchers at HackerOne and Trend Micro’s Zero Day Initiative.

Last month, we saw top government officials meet with leading tech executives, including the Alphabet and Microsoft CEOs, to discuss advancements in AI and Washington’s involvement.