
CVE-2023-33733: RCE Vulnerability in ReportLab PDF Toolkit
On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries
The cybersecurity industry has an effectiveness problem. Despite new technologies emerging every year, high-profile breaches continue to occur. To prevent these attacks, the industry needs to adopt a new approach by focusing on security operations. That’s where Arctic Wolf can help.
Built on an open XDR architecture, the Arctic Wolf Platform® combines with our Concierge Security® Model to work as an extension of your team, proactively protect your environment, and strengthen your security posture.
Learn more about our unique approach to cybersecurity and why Arctic Wolf has emerged as a leader in the industry.
GLOSSARYCybersecurity GlossaryDeepen your knowledge with definitions, explanations, and overviews of the most important terms and concepts in cybersecurity.READ NOW ❯ |
GUIDEComprehensive Guide To Security OperationsLearn how to minimize risk and continuously improve your security posture using the Arctic Wolf guide for implementing a security operations framework at your organization.READ NOW ❯ |
GUIDE2023 Gartner® Market Guide For MDR ServicesThe 2023 Gartner® Market Guide for MDR Services provides a comprehensive overview of the evolving MDR landscape.READ NOW ❯ |
We envision a future without cyber risk. Every organization should be so effective at security operations that both the likelihood and impact of a cyber attack is minimized to the point where risk is essentially zero.
On May 31st, 2023, a working exploit has been publicly released for a remote code execution (RCE) vulnerability (CVE-2023-33733), impacting ReportLab PDF Toolkit python libraries
On May 31, 2023, Progress released a security advisory warning customers of a critical zero-day vulnerability being actively exploited in MOVEit Transfer, a managed file
On Wednesday, the 24th of May, 2023, Zyxel released a security advisory for several vulnerabilities capable of granting unauthenticated remote code execution (RCE) in their
On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses.
In a security advisory published on May 9th, Microsoft disclosed the existence of a Local Privilege Escalation vulnerability in Sysmon (CVE-2023-29343). The vulnerability was discovered
On May 9, 2023, Microsoft published their May 2023 Security Update which includes two actively exploited vulnerabilities. This Security Update patched multiple high to critical
Oracle recently released their Critical Patch Update addressing 433 vulnerabilities across their products, including a vulnerability in the Oracle Hospitality OPERA 5 Property Services product.
On Thursday, April 20, 2023, VMware disclosed a critical deserialization vulnerability (CVE-2023-20864) in VMware Aria Operations for Logs—formerly known as vRealize Log Insight—that could result
On April 19, 2023, PaperCut confirmed print management servers vulnerable to a critical remote code execution vulnerability (CVE-2023-27350: CVSS 9.8) are being actively exploited by
On April 11, 2023, Microsoft published their April 2023 Security Update and patched multiple high to critical vulnerabilities, with one of them being actively exploited
On Wednesday, March 29, 2023, details of unexpected malicious activity observed from the legitimate and cryptographically signed 3CX SoftPhone Desktop App application were shared in
On Saturday, March 18, 2023, Horizon3 researchers released a proof-of-concept (PoC) exploit for CVE-2023-27532, a high-severity missing authentication vulnerability impacting Veeam Backup and Replication (VBR)
On March 14, 2023, Microsoft published their March 2023 Security Update and patched multiple high to critical vulnerabilities, with two of them being actively exploited
Summary On Friday, March 10, 2023, California state regulators took possession of Silicon Valley Bank (SVB) and appointed The Federal Deposit Insurance Corporation (FDIC) as
On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to
On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows
Note: This is not a new breach of LastPass’ systems, but rather sharing of additional details from their investigation into the incident they publicly disclosed
On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities
On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited
Arctic Wolf has observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments. Unlike malicious Word and Excel
On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code
On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices
On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). CVE-2022-31706
Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple
Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory
On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022.
Arctic Wolf has observed an increase in exploitation of CVE-2022-41080 and CVE-2022-41082 in recent Incident Response engagements where the vulnerabilities were chained together to achieve remote code
Updated: Dec 18, 2022 On the 12th of December 2022, we sent out a security bulletin about a Fortinet security advisory involving an actively exploited
In a coordinated disclosure with Microsoft on December 13th, 2022, security researchers with Mandiant, SentinelOne, and Sophos published evidence of a threat actor technique where
As part of Microsoft’s September 2022 Security Update, Microsoft released security updates to remediate CVE-2022-37958–an information disclosure vulnerability in SPNEGO NEGOEX that impacted all Windows
© 2023 Arctic Wolf Networks Inc. All Rights Reserved. |
|||||
Privacy Notice |
Terms of Use |
Cookie Policy |
Accessibility Statement |
Information Security |
Cookies Settings |