Arctic Wolf has recently worked multiple incident response cases where we have observed ransomware groups exploiting CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365 to gain initial access. On August 29, 2023, Qlik published a support article detailing two vulnerabilities which when successfully exploited in tandem could lead to an unauthenticated threat actor achieving remote code execution (RCE). CVE-2023-41266.

Arctic Wolf Labs has observed a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform.[1] Based on available evidence, we assess that all vulnerabilities exploited were previously identified by researchers from Praetorian [2,3]. For more information on these vulnerabilities, see the advisories published by Qlik (CVE-2023-41266, CVE-2023-41265, and CVE-2023-48365) as well as our Security Bulletin.

Cybersecurity automation has steadily gained traction as organizations seek to improve efficiency, address talent gaps, and keep up with escalating threats. However, our latest State of Cybersecurity Automation research shows that while more businesses are utilizing automation, they continue to grapple with obstacles that prevent them from fully capitalizing on its benefits.

Today’s Trust Issues guest is Brian Contos, Chief Strategy Officer at Sevco Security. With host David Puner, Contos discusses the intricacies of securing the Internet of Things (IoT) and the challenges posed by the expanding IoT landscape – emphasizing the need for robust identity management. In a broader context, IoT encompasses identity management, cybersecurity and the evolving role of AI in safeguarding digital assets.

AWS offers the infrastructure, innovation, services, and reliability to run your mission-critical applications, which is why millions of customers partner with AWS to build, run, and scale applications in the cloud. But how can customers proactively ensure the security of these critical applications?

Application security posture management (ASPM) enables AppSec teams to continuously monitor, manage, and improve the security health of software applications throughout their lifecycle. It provides a framework for ensuring that applications are built securely from the start, maintained with security in mind, and continuously monitored for vulnerabilities that introduce significant risk to the business. With ASPM, we get aggregated data in a unified dashboard.

Almost a year ago to the day, on December 1 2022, Forescout Vedere Labs published a report detailing several hacktivist operations that targeted critical infrastructure in response to the Russian invasion of Ukraine and other geopolitical developments. Since the most recent chapter in the Hamas-Israel conflict started on October 7, there have been multiple similar claims of attacks from hacktivists taking opposing sides in the conflict.

I hope you're all enjoying this series on Hunting with Splunk as much as we enjoy bringing it to you. This article discusses a foundational capability within Splunk — the eval command. If I had to pick a couple of Splunk commands that I would want to be stuck on a desert island with, the eval command is up there right next to stats and sort. (Part of our Threat Hunting with Splunk series, this article was originally written by John Stoner. We’ve updated it recently to maximize your value.)

Throughout the year, special events lead to changes in Internet traffic. We observed this with Thanksgiving in the US last week, where traffic dipped, and during periods like Black Friday (November 24, 2023) and Cyber Monday (November 27, 2023), where traffic spiked. But how significant are these Cyber Week days on the Internet? Is it a global phenomenon? Does e-commerce interest peak on Black Friday or Cyber Monday, and are attacks increasing during this time?

An old proverb, dating to at least the 1360’s, states: "For want of a nail, the shoe was lost, for want of a shoe, the horse was lost, for want of a horse, the rider was lost, for want of a rider, the battle was lost, for want of a battle, the kingdom was lost, and all for the want of a horseshoe nail," When published in Ben Franklin’s Poor Richard’s Almanack in 1768, it was preceded by the cautionary words: “a little neglect may breed great mischief”.