Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On November 6, 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE. At this time, Arctic Wolf has not identified active exploitation of either vulnerability, nor a published proof of concept (PoC) exploit. Although threat actors have not historically targeted Veeam ONE products, obtaining RCE on the monitoring and analytics platform will likely increase the potential for threat actors to create a working PoC exploit and attempt exploitation.

The cloud offers major benefits to organizations, helping increase business agility, better serve their customers’ needs, and cut their costs. This is why the typical modern business now uses public, infrastructure-as-a-service (IaaS) cloud platforms for its major business and organizational functions. However, the cloud also introduces new risks that can increase your costs should you fall victim to a breach.

On October 27, 2023, Apache published a security advisory addressing that a critical remote code execution (RCE) vulnerability has been fixed in the latest updates for Apache ActiveMQ products, CVE-2023-46604. This vulnerability was rated with a maximum Common Vulnerability Scoring System (CVSS) score of 10.0, as it can be exploited remotely by an unauthenticated threat actor in low complexity attacks.

This article aims to share timely and relevant information about a rapidly developing campaign under investigation. We are publishing it as early as possible for the benefit of the cybersecurity community, and we may provide updates in the near future once more details become available in our research.

When a ransomware group launched twin cyber attacks on casino giants MGM and Caesars, they only needed the accidental participation of the organizations’ outsourced IT help desk to get started. It was social engineering — in this case impersonation over the phone, or vishing— that gave the hackers the information they needed to launch a ransomware attack that cost both casinos millions.

On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited a threat actor with network access to the vulnerable system could bypass the configuration utility authentication and execute arbitrary system commands. CVE-2023-46747 is exploitable if the Traffic Management User Interface is exposed to the Internet.

On October 25, 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by VMware. The vulnerability has received a critical severity rating by VMware as it could potentially allow a remote, unauthenticated threat actor to achieve remote code execution if successfully exploited.

On October 18, 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue lies in the Access Control Lists (ACL) within ServiceNow that if misconfigured could result in unauthenticated threat actors being able to access data. The issue was discovered by a security engineer at AppOmni, and was disclosed in a blog to the public on October 14, 2023.