On June 9, 2023, Progress released a security advisory detailing newly discovered SQL injection vulnerabilities impacting the MOVEit Transfer web application and Cloud. The vulnerabilities are distinct from CVE-2023-34362, which was actively exploited by Clop Ransomware to exfiltrate data and extort compromised organizations. Although distinct, the vulnerabilities result in nearly identical unauthorized access where threat actors could modify or disclose MOVEit database content.

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version. Barracuda ESG is an email security gateway that manages and filters inbound and outbound email traffic within an organization’s network. On May 18, 2023, Barracuda identified CVE-2023-2868 after being alerted to anomalous traffic originating from ESG appliances.

To compete in an increasingly cutthroat marketplace, retailers spend vast sums in hopes of becoming household names. But brand recognition is a double-edged sword when it comes to cybersecurity. The bigger your name, the bigger the cyber target on your back (no pun intended for the number one breach on our list). Retailers face growing cybersecurity risks.

Cybersecurity is a constant journey, always full of fresh challenges. New threats keep popping up. Endpoint-only solutions are ineffective. And the cybersecurity skills shortage makes it difficult to recruit and retain top talent — especially with the increasing salaries required to be competitive. You may consider a security operations center (SOC), until you find out that operating one in-house is prohibitively expensive and time-consuming.

May often heralds the start of summer — warm weather, long days, and plenty of cybersecurity workers taking much needed time off. Cybercriminals however, are always at their monitors and love to take advantage of times when they know defenses may be down and this month was no different. May saw a wide range of cybercrime, including disruptions of schools and news organizations, a slow-burn in the tech sector, and public negligence from one of the web’s most well-known entities.

On May 31, 2023, Progress released a security advisory warning customers of a critical zero-day vulnerability being actively exploited in MOVEit Transfer, a managed file transfer (MFT) solution. The exploitation of this vulnerability could lead to escalated privileges and potential unauthorized access to an environment, allowing threat actors to steal data and extort organizations.

On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries of versions prior to 3.6.13. The researcher of the POC has previously contacted ReportLab in April 2023, detailing this vulnerability and ReportLab has released a fix on April 27th, 2023, through ReportLab 3.6.13.

Cyber attacks on Australian hospitals and healthcare providers are becoming a more frequent occurrence. The Australian Cyber Security Centre, the ACSC, has recently warned healthcare providers in Australia of an increased number of cyber attacks aimed at the healthcare industry. The ACSC has identified ransomware and other cyber attack methods as leading to dangerous breaches of sensitive hospital data, which can have widespread ramifications if not addressed and preempted.

Cyber risk is everywhere. From credential theft to misconfigurations to vulnerabilities and even phishing attempts, there are cybercriminals poking and prodding at organizations from every angle. This means that organizations not only need to up their cybersecurity, but they also need to think about it in terms of risk and how to holistically mitigate that risk — from identifying threats to protecting against them and responding to them.

On Wednesday, the 24th of May, 2023, Zyxel released a security advisory for several vulnerabilities capable of granting unauthenticated remote code execution (RCE) in their line of Firewall and VPN products, tracked as CVE-2023-33009 and CVE-2023-33010. These buffer overflow vulnerabilities are also capable of inducing denial of service conditions.