On July 28th, 2023, Ivanti released a security advisory detailing a new vulnerability affecting Ivanti Endpoint Manager Mobile which allows an authenticated administrator to perform arbitrary file writes (CVE-2023-35081).

As more employees move to remote work, more of today’s business environment is shifting towards the cloud. Indeed, approximately 90% of companies use at least one cloud-based service. While it brings great benefits, the cloud also brings challenges, including properly securing cloud-based assets. Cybercriminals are well-versed in corporate cloud usage and are successfully exploiting that knowledge. In the past year and a half, nearly 80% of companies suffered a cloud-based data breach.

The past 18 months have shown that cybersecurity is an essential part of a successful and resilient business model, regardless of whether an organization has 50 or 5,000 employees. With half of all organizations surveyed in the 2023 Arctic Wolf “State of Cybersecurity” Trends Report noting they experienced a breach within the last year, it’s clear that cyber attacks and data breaches continue to keep security professionals up at night.

No matter your organization’s maturity, industry, or business goals, cybersecurity should always be top of mind. Considering the Australian Cyber Security Centre (ACSC) recorded a staggering 76,000 cybercrime reports in the 2022 financial year, it’s safe to say that all organizations are at risk for an incident or breach.

On July 24th, 2023, Ivanti released a security advisory detailing a remote authentication bypass vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile. This vulnerability, with a CVSS score of 10, allows unauthenticated access to specific API paths, which could allow a threat actor to obtain personal identifiable information (PII) such as names, phone numbers, and other mobile device details.

Since the fallout of Conti ransomware in mid-2022, Conti-affiliated threat actors have splintered off and developed or joined other ransomware groups to continue extorting victim organizations. Due to Conti’s source code being leaked, attribution back to the Conti ransomware group via code overlap is much more difficult. However, leveraging blockchain analysis, we can begin to discern what ransomware groups Conti-affiliated threat actors have worked with; one such group is Akira.

In recent years, cyber attacks have been on the rise around the globe. In 2022, the median initial ransom amount rose to $500,000 as more public sectors fell victim to malicious attacks. In Australia, climbing cyber attacks have damaged the country’s vital infrastructure, with lasting and costly consequences. Major industries in Australia — including manufacturing, finance, foreign communications, and the healthcare sector — have been targets of cyber attacks.

In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software has been a popular choice worldwide, especially in the US, to ensure secure file transfers. However, recent events have exposed its vulnerabilities, leading to the active exploitation by the CI0p ransomware group.

On July 18th, 2023, Citrix disclosed a critical authentication bypass vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers, and was responsibly disclosed to Citrix. This vulnerability could allow a threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other types of malicious campaigns.

The rise of remote work and the move to the cloud, as well as the rising rate and increased complexity of cyber attacks, have fundamentally changed the security landscape. Set-it-and-forget it tools are no longer enough. To truly protect yourself from modern cyber threats you need 24×7 monitoring, detection and response. However, even that doesn’t look the same anymore.

On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access.

A manufacturing organization became the target of a business email compromise (BEC) attack. The threat actor utilized stolen credentials and then hoped a prompt-bomb attack will work — it did, and the threat actor was able to take over the user’s inbox. While, thankfully, this incident was detected and responded to by Arctic Wolf before more damage was done, BEC attacks are becoming more common and more successful by the month.

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects proxy policies and/or firewall policies with proxy mode and SSL deep packet inspection enabled. This CVE was discovered and responsibly disclosed to Fortinet by security researchers.

Too often, organizations find themselves stuck in a cycle of reacting to threats; figuring out how to stop a business email compromise attack or trying to find a threat actor who’s activated malware in the system. This leaves often short-staffed and overworked IT teams without the bandwidth to focus on the proactive side of cybersecurity.

Summer is here, and things are heating up in the cybersecurity sphere. June saw a third-party vulnerability spiral into the furthest-reaching cyber attack of the year thus far, while separate attacks cut into summer plans for gamers, vacationers, and commuters alike.

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting the MOVEit Transfer web application. These vulnerabilities were responsibly disclosed to Progress Software by researchers at HackerOne and Trend Micro’s Zero Day Initiative.

Last month, we saw top government officials meet with leading tech executives, including the Alphabet and Microsoft CEOs, to discuss advancements in AI and Washington’s involvement.

On June 27th 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows. Arcserve UDP is a centralized backup and disaster recovery solution. By exploiting this RCE vulnerability, threat actors may be able to gain unauthorized access to sensitive data, install malware, or launch other types of attacks from infected devices.