Latest Posts

Four Critical RCE Vulnerabilities in Cisco Small Business Series Switches

On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches. Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities; however, they have not identified a publicly available PoC exploit.

Phishing Threat From New .zip Top-Level Domain

On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLDs) available for purchase that can be used with websites and/or email addresses. Of these eight new TLDs, the one that stands out as a potential security risk is .zip. The .zip TLD is concerning because it is also the extension of an archive format commonly shared over the internet. With .zip now available as a domain, email clients and web platforms will accept URLs that look like filenames with .zip extensions.

The Top Compliance Regulations for Financial Institutions

Financial institutions experience a level of regulatory burden and security compliance requirements that few other industries must contend with. Since they’re a central target for attackers due to the money they move and the vast amounts of data they possess, they’ve become a central focus for regulators due to the danger to the global economy should one of them fall victim to a breach.

CVE-2023-29343: Sysmon Local Privilege Escalation Vulnerability

In a security advisory published on May 9th, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered by an independent security researcher and was responsibly disclosed to Microsoft. Microsoft has released Sysmon version 14.16 to address this vulnerability.

Arctic Wolf Labs Review of Joint Cybersecurity Advisory on Russian-Backed Snake Malware

On Tuesday, May 9, 2023, CISA published a Joint Cybersecurity Advisory titled “Hunting Russian Intelligence ‘Snake’ Malware” which provided an in-depth analysis of the Russian Federal Security Service’s (FSB) Snake malware. Arctic Wolf Labs has analyzed the advisory and summarized the content into key findings and takeaways for the security community.

Preparing Employees to Combat Phishing - Closing the Learning Loop

Phishing emails are a tremendous threat and one of the most common vehicles cybercriminals use to trick employees and succeed in their attacks. Cybercriminals are on a mission to gain access to sensitive information, such as login credentials, business information, customer data, or financial data. Despite the best efforts of IT departments and security professionals to put the proper filters in place, cybercriminals still often find a way to get their phishing schemes into employee inboxes.

The Value of Holistic Visibility: Putting it All Together

Too many organizations fail to see advanced threats as they make their way into and through their systems. This is partially because organizations have too many tools feeding them more information than their staff can handle, and partially because those tools are siloed off and improperly managed, preventing comprehensive information and complete understanding of what’s happening within an organization’s IT infrastructure.

10 Quick Cybersecurity Updates Organizations Can Make In 2023

Cyber attacks are increasing. You’ve seen the headlines about ransomware and business email compromise and various social engineering tricks, and they’re all true. The cybercrime landscape is growing in volume and complexity, vulnerability numbers are increasing year over year, and user error is leading to over a quarter of incidents observed by Arctic Wolf® Incident Response.

The Top Cyber Attacks of April 2023

In the past decade, cybersecurity has evolved from something of a niche technical field into a crucial part of every business plan and online code of conduct. Even so, we still see frequent evidence that many organizations are in need of more education about how to respond to a cyber attack. That was evident this April, as we saw the results of several high-profile cyber attacks that may have been worsened by a slow or poorly considered reaction.

CVE-2023-21932: Critical Unauthenticated RCE Vulnerability in Oracle Hospitality OPERA 5 Property Services

Oracle recently released their Critical Patch Update addressing 433 vulnerabilities across their products, including a vulnerability in the Oracle Hospitality OPERA 5 Property Services product. According to Oracle’s vulnerability description, CVE-2023-21932 is a difficult-to-exploit vulnerability, requiring network access via HTTP and high privileges.