Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

CVE-2023-20101: Critical Authentication Bypass Vulnerability in Cisco Emergency Responder

On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an unauthenticated, remote threat actor to utilize the root account (this account by default has hard coded credentials that cannot be altered) to log into an affected device.

Arctic Wolf + Revelstoke: SOARing to New Heights Together

Security orchestration, automation, and response (SOAR) has an opportunity to be a game changer in how we tackle cyber risk, but there is a significant disconnect between the promises made by existing SOAR platforms and how organizations are able to realize their real-world operational and cost-saving efficiencies. All those automations that promise to eliminate late hours working on mundane stuff. All the orchestrations that promise to get things done faster.

CVE-2023-40044, CVE-2023-42657: Two Critical Vulnerabilities Impacting Progress WS_FTP Server

On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating. CVE-2023-40044 (CVSS 10) is a deserialization vulnerability that affects the Ad Hoc Transfer module and could allow a threat actor to obtain remote code execution if successfully exploited.

CVE-2023-42115: Critical RCE Vulnerability in Exim

On October 2, 2023, Exim released security fixes for an out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115, CVSS: 9.8). This vulnerability affects the Simple Mail Transfer Protocol (SMTP) service and is caused by improper validation of user input. A threat actor can remotely exploit CVE-2023-42115 by writing data beyond the boundaries of a buffer, which leads to the execution of arbitrary code.

CVE-2023-4863: Critical Vulnerability in Widely Used libwebp Library

On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was used in a zero-click exploitation chain by the NSO Group. Shortly after, on September 11, 2023, Google released an update to fix a buffer overflow vulnerability (CVE-2023-4863) in Google Chrome, which was reported by Apple’s Security Engineering and Architecture (SEAR) and Citizen Lab.

CVE-2023-42793: Critical RCE Vulnerability in TeamCity On-Premises

On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 and can allow an unauthenticated attacker with HTTP(S) access to a TeamCity server to perform RCE. All versions of TeamCity On-Premises are affected by this vulnerability.

CVE-2023-41991, 41992, 41993: Three Actively Exploited Vulnerabilities in Apple Products Fixed

On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Citizen Lab and Google Threat Analysis Group (TAG) observed these three vulnerabilities exploited in an exploit chain against a former Egyptian Member of Parliament to deploy Predator spyware. Predator was developed by Intellexa/Cytrox to perform surveillance on targeted mobile devices.

Okta Environments Seeing Increased Targeted Threat Activity

In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools, and Procedures (TTPs) span across several different types of attacks. This bulletin will review several key aspects of these attacks.

Major Casinos Hacked Using Social Engineering Attacks

Two giants in the gaming and hospitality industry, Caesars Entertainment and MGM Resorts, recently announced that they were targeted by cybercriminals. But here’s the catch, both ransomware attacks appear to have started with the use of social engineering tactics against IT helpdesk personnel to gain access to systems.

BEC Attacks Are on the Rise for the Manufacturing Industry: What Does This Mean for You?

While ransomware continues to be a top concern for organizations, Business Email Compromise (BEC) incidents have been rising and targeting all industries. Based on the FBI’s most recent Internet Crime Report, BEC complaints outpace those of ransomware 10:1, and the losses incurred by BEC are 80 times greater than those incurred by ransomware.