Beginning on at least 20 October 2023, a North Korea-linked threat actor, tracked as Diamond Sleet by Microsoft, leveraged a modified CyberLink installer to compromise
On 10 August 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked
On 14 November 2023, Microsoft published their November Security Update with patches for 63 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five in this
On 26 October 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited
On 25 October 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by
On 18 October 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue
On October 10, 2023, Microsoft published their October 2023 Security Update including patches for 104 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted two with
On 10 October 2023, Citrix issued a security bulletin describing a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (CVE-2023-4966, CVSS: 9.4).
On 20 September 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability
On 21 September 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Vulnerability Description
In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools,
On 31 August 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently,
On 7 September 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS,
Arctic Wolf has been tracking multiple intrusions where Cisco VPN account credentials were harnessed by Akira ransomware for initial access. In a recent Cisco PSIRT
On 14 August 2023, cybersecurity company Tenable released a research advisory detailing two stack-based buffer overflow vulnerabilities, collectively tracked as CVE-2023-32560, impacting Ivanti Avalanche products version
On 17 August 2023, Juniper Networks released out-of-band fixes for multiple vulnerabilities that could be chained together to achieve unauthenticated remote code execution (RCE) on SRX
On 11 July 2023, Microsoft published their July 2023 Security Update with patches for 130 vulnerabilities and 2 advisories, with 6 of these being actively
On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a
On 27 June 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows.
On 13 June 2023, Microsoft published their June 2023 Security Update which included patches for six vulnerabilities with a max severity of critical. According to
On 12 June 2023, Fortinet released a security advisory and blog post on CVE-2023-27997, stating that the vulnerability is caused by a heap-based buffer overflow, allowing threat
On 9 June 2023, Progress released a security advisory detailing newly discovered SQL injection vulnerabilities impacting the MOVEit Transfer web application and Cloud. The vulnerabilities
On Tuesday, 6 June 2023, Barracuda announced that all ESG appliances compromised via CVE-2023-2868 must be immediately replaced, regardless of the current patch version.
On Wednesday, 17 May 2023, Cisco disclosed four critical remote code execution vulnerabilities affecting the web-based user interface of Cisco Small Business Series Switches.
On Wednesday 3 May 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses.
On Thursday, 20 April 2023, VMware disclosed a critical deserialisation vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result
On 19 April, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by
On Saturday, 18 March 2023, Horizon3 researchers released a proof-of-concept (PoC) exploit for CVE-2023-27532, a high-severity missing authentication vulnerability impacting Veeam Backup and Replication (VBR)
On 3 February 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code
On Tuesday 24 January 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). CVE-2022-31706
