Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2023

Arctic Wolf

CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365: Multiple Vulnerabilities in Qlik Sense Enterprise Actively Exploited

Nov 28, 2023 By James Liolios In Arctic Wolf
Arctic Wolf has recently worked multiple incident response cases where we have observed ransomware groups exploiting CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365 to gain initial access. On August 29, 2023, Qlik published a support article detailing two vulnerabilities which when successfully exploited in tandem could lead to an unauthenticated threat actor achieving remote code execution (RCE). CVE-2023-41266.
Read Post
Arctic Wolf

Qlik Sense Exploited in Cactus Ransomware Campaign

Nov 28, 2023 By Stefan Hostetler, Markus Neis, Kyle Pagelow In Arctic Wolf
Arctic Wolf Labs has observed a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform.[1] Based on available evidence, we assess that all vulnerabilities exploited were previously identified by researchers from Praetorian [2,3]. For more information on these vulnerabilities, see the advisories published by Qlik (CVE-2023-41266, CVE-2023-41265, and CVE-2023-48365) as well as our Security Bulletin.
Read Post
Arctic Wolf

North Korea-Linked Threat Actor, Diamond Sleet, Distributes Modified CyberLink Installer in Supply Chain Compromise

Nov 27, 2023 By Steven Campbell In Arctic Wolf
Beginning on at least October 20, 2023, a North Korea-linked threat actor, tracked as Diamond Sleet by Microsoft, leveraged a modified CyberLink installer to compromise victim assets. CyberLink Corp. is a Taiwan-based multimedia software company that develops media editing and recording software.
Read Post
Arctic Wolf

CVE-2023-43177: Critical Unauthenticated RCE Vulnerability in CrushFTP

Nov 27, 2023 By James Liolios In Arctic Wolf
On August 10, 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked as CVE-2023-43177 and the security researchers at Converge published a blog sharing their findings on November 16. CVE-2023-43177 is a mass assignment vulnerability related to how CrushFTP parses request headers for the AS2 protocol. Successful exploitation could lead to unauthenticated, remote code execution (RCE).
Read Post
Arctic Wolf

Business Email Compromise Attacks (BEC) Keep Growing - Here's How to Increase Your BEC Cybersecurity

Nov 21, 2023 By Arctic Wolf In Arctic Wolf

This spring, Australian authorities were able to arrest a cybercrime syndicate that had conducted BEC attacks on at least 15 individuals and organizations with stolen profits totaling $1.7 million (USD). If those numbers seem shocking, they’re part of a growing upward trend of BEC attacks that shows no sign of slowing down.

Read Post
Arctic Wolf

7 Ways to Strike Balance Between Technical Debt and Security Posture in The World of Open Source

Nov 17, 2023 By Karan Goenka and Michael Fischer In Arctic Wolf
Software development at the speed of business is a constant balance of tradeoffs, and managing the risk of open-source software is one of the most emerging prominent examples. This is driven home by high-profile supply chain attacks such as the ones on SolarWinds, Log4J, and MoveIt. Each of these examples represents a different type of abuse, including.
Read Post

The Howler - Episode 3 - Dan Schiappa, Chief Product Officer

Nov 16, 2023 By Arctic Wolf In Arctic Wolf
In this episode, our hosts sit down with Dan Schiappa, Chief Product Officer at Arctic Wolf. Dan is responsible for driving innovation across product, engineering, alliances, and business development teams to help meet demand for security operations through Arctic Wolf’s growing customer base—especially in the enterprise sector.
View Video

The Howler - Episode 1 - Brian NeSmith, Co-Founder and Executive Chairman of Arctic Wolf

Nov 15, 2023 By Arctic Wolf In Arctic Wolf
In the first Howler podcast episode, our hosts sit down with Brian NeSmith, Co-Founder and Executive Chairman of Arctic Wolf. Brian NeSmith is an internationally recognized business leader, bringing more than 30 years of cybersecurity leadership, including extensive experience driving revenue growth and scaling organizations globally. Before founding Arctic Wolf, he served as CEO of Blue Coat Systems, and prior to Blue Coat, CEO of Ipsilon Networks (acquired by Nokia), which became the leading appliance platform for Check Point firewalls.
View Video

The Howler - Episode 2 - Adam Marrè - Chief Information Security Officer

Nov 15, 2023 By Arctic Wolf In Arctic Wolf
In this episode, our hosts sit down with Adam Marrè, Chief Information Security Officer at Arctic Wolf. Prior to joining Arctic Wolf, Adam was the Global Head of Information Security Operations and Physical Security at Qualtrics. With deep roots in the cybersecurity space, Adam spent almost 12 years with the FBI, holding positions like SWAT Senior Team Leader and Special Agent. In this episode, Adam gives us a peak into the life of a CISO, what keeps him up at night, how he manages stress, and what he believes is foundational to leadership.
View Video
Arctic Wolf

CVE-2023-23368 & CVE-2023-23369: Critical Command Injection Vulnerabilities in QNAP Products

Nov 14, 2023 By James Liolios In Arctic Wolf
On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.
Read Post
Arctic Wolf

CVE-2023-47246: 0-day Remote Code Execution Vulnerability Actively Exploited in SysAid On-Premises

Nov 14, 2023 By Adrian Korn In Arctic Wolf
On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.
Read Post
Arctic Wolf

CVE-2023-38547 & CVE-2023-38548: Two Critical Vulnerabilities in Veeam ONE

Nov 14, 2023 By Steven Campbell In Arctic Wolf
On November 6, 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE. At this time, Arctic Wolf has not identified active exploitation of either vulnerability, nor a published proof of concept (PoC) exploit. Although threat actors have not historically targeted Veeam ONE products, obtaining RCE on the monitoring and analytics platform will likely increase the potential for threat actors to create a working PoC exploit and attempt exploitation.
Read Post
Arctic Wolf

How to Improve Your Cloud Security with AWS

Nov 10, 2023 By Sule Tatar In Arctic Wolf
The cloud offers major benefits to organizations, helping increase business agility, better serve their customers’ needs, and cut their costs. This is why the typical modern business now uses public, infrastructure-as-a-service (IaaS) cloud platforms for its major business and organizational functions. However, the cloud also introduces new risks that can increase your costs should you fall victim to a breach.
Read Post
Arctic Wolf

CVE-2023-46604: Critical RCE Vulnerability in Apache ActiveMQ

Nov 3, 2023 By Andres Ramos In Arctic Wolf
On October 27, 2023, Apache published a security advisory addressing that a critical remote code execution (RCE) vulnerability has been fixed in the latest updates for Apache ActiveMQ products, CVE-2023-46604. This vulnerability was rated with a maximum Common Vulnerability Scoring System (CVSS) score of 10.0, as it can be exploited remotely by an unauthenticated threat actor in low complexity attacks.
Read Post
Arctic Wolf

Exploitation of CVE-2023-46604 in Apache ActiveMQ Leads to TellYouThePass Ransomware

Nov 3, 2023 By Stefan Hostetler, Markus Neis, Christopher Prest, Hady Azzam, Joe Wedderspoon, and Ross Phillips In Arctic Wolf
This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for the benefit of the cybersecurity community, and we may provide updates in the near future once more details become available in our research.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.