Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries of versions prior to 3.6.13. The researcher of the POC has previously contacted ReportLab in April 2023, detailing this vulnerability and ReportLab has released a fix on April 27th, 2023, through ReportLab 3.6.13.

Cyber attacks on Australian hospitals and healthcare providers are becoming a more frequent occurrence. The Australian Cyber Security Centre, the ACSC, has recently warned healthcare providers in Australia of an increased number of cyber attacks aimed at the healthcare industry. The ACSC has identified ransomware and other cyber attack methods as leading to dangerous breaches of sensitive hospital data, which can have widespread ramifications if not addressed and preempted.

Cyber risk is everywhere. From credential theft to misconfigurations to vulnerabilities and even phishing attempts, there are cybercriminals poking and prodding at organizations from every angle. This means that organizations not only need to up their cybersecurity, but they also need to think about it in terms of risk and how to holistically mitigate that risk — from identifying threats to protecting against them and responding to them.

On Wednesday, the 24th of May, 2023, Zyxel released a security advisory for several vulnerabilities capable of granting unauthenticated remote code execution (RCE) in their line of Firewall and VPN products, tracked as CVE-2023-33009 and CVE-2023-33010. These buffer overflow vulnerabilities are also capable of inducing denial of service conditions.

On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLD’s, one that stands out as a potential security risk is.zip. The.zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of.zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with.zip extensions.

On Wednesday, May 17, 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches. Cisco’s Product Security Incident Response Team (PSIRT) is aware of PoC exploit code being available for these vulnerabilities, however, they have not identified a publicly available PoC exploit.

Financial institutions experience a level of regulatory burden and security compliance requirements that few other industries must contend with. Since they’re a central target for attackers due to the money they move and the vast amounts of data they possess, they’ve become a central focus for regulators due to the danger to the global economy should one of them fall victim to a breach.

In a security advisory published on May 9th, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered by an independent security researcher and was responsibly disclosed to Microsoft. Microsoft has released Sysmon version 14.16 to address this vulnerability.