On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance. This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.

Strong, resilient security operations require the proper melding of people, technology, and processes to achieve the goal of reducing the likelihood and impact of cyber threats. The right security operations center (SOC) will strengthen the overall security resiliency of an organization. The wrong one will tax your team — leading to mistakes, breaches, and losses.

On June 9th 2023, security researchers from Olympe CyberDefense published a blog stating that they responsibly disclosed a critical vulnerability in SSL-VPN firewalls to Fortinet. This vulnerability, CVE-2023-27997, is a critical, pre-authentication RCE vulnerability that impacts all versions of Fortinet SSL-VPN firewalls, even if multi-factor authentication (MFA) is enabled. The security researchers responsibly disclosed the vulnerability to Fortinet.

On June 9, 2023, Progress released a security advisory detailing newly discovered SQL injection vulnerabilities impacting the MOVEit Transfer web application and Cloud. The vulnerabilities are distinct from CVE-2023-34362, which was actively exploited by Clop Ransomware to exfiltrate data and extort compromised organizations. Although distinct, the vulnerabilities result in nearly identical unauthorized access where threat actors could modify or disclose MOVEit database content.

On Tuesday, June 6, 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version. Barracuda ESG is an email security gateway that manages and filters inbound and outbound email traffic within an organization’s network. On May 18, 2023, Barracuda identified CVE-2023-2868 after being alerted to anomalous traffic originating from ESG appliances.

To compete in an increasingly cutthroat marketplace, retailers spend vast sums in hopes of becoming household names. But brand recognition is a double-edged sword when it comes to cybersecurity. The bigger your name, the bigger the cyber target on your back (no pun intended for the number one breach on our list). Retailers face growing cybersecurity risks.

Cybersecurity is a constant journey, always full of fresh challenges. New threats keep popping up. Endpoint-only solutions are ineffective. And the cybersecurity skills shortage makes it difficult to recruit and retain top talent — especially with the increasing salaries required to be competitive. You may consider a security operations center (SOC), until you find out that operating one in-house is prohibitively expensive and time-consuming.

May often heralds the start of summer — warm weather, long days, and plenty of cybersecurity workers taking much needed time off. Cybercriminals however, are always at their monitors and love to take advantage of times when they know defenses may be down and this month was no different. May saw a wide range of cybercrime, including disruptions of schools and news organizations, a slow-burn in the tech sector, and public negligence from one of the web’s most well-known entities.

On May 31, 2023, Progress released a security advisory warning customers of a critical zero-day vulnerability being actively exploited in MOVEit Transfer, a managed file transfer (MFT) solution. The exploitation of this vulnerability could lead to escalated privileges and potential unauthorized access to an environment, allowing threat actors to steal data and extort organizations.

On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries of versions prior to 3.6.13. The researcher of the POC has previously contacted ReportLab in April 2023, detailing this vulnerability and ReportLab has released a fix on April 27th, 2023, through ReportLab 3.6.13.