Arctic Wolf has recently worked on multiple incident response cases where we have observed a Cactus ransomware campaign exploiting vulnerabilities in Qlik Sense to gain
Beginning on at least October 20, 2023, a North Korea-linked threat actor, tracked as Diamond Sleet by Microsoft, leveraged a modified CyberLink installer to compromise
On August 10, 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked
On November 14, 2023, Microsoft published their November Security Update with patches for 63 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five in this
On November 6, 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE. CVE-2023-38547 (CVSS 9.9) could allow an unauthenticated threat actor to
On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM
On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to
On October 27, 2023, Apache published a security advisory addressing that a critical remote code execution (RCE) vulnerability has been fixed in the latest updates
On October 26, 2023, F5 released security hotfixes for a critical unauthenticated RCE vulnerability (CVE-2023-46747) in BIG-IP’s Traffic Management User Interface (TMUI). If successfully exploited
On October 25, 2023 VMware published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates by
On October 18, 2023, ServiceNow published a knowledge base article revealing that they are aware of reporting that details a potential misconfiguration issue. This issue
On October 16, 2023, Cisco published a security advisory regarding an actively exploited and unpatched privilege escalation vulnerability in the Web UI feature of the
On October 10, 2023, Microsoft published their October 2023 Security Update including patches for 104 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted two with
On October 10, 2023, Citrix issued a security bulletin describing a critical vulnerability in NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (CVE-2023-4966, CVSS: 9.4).
On October 4, 2023, Cisco published a security advisory disclosing a critical authentication bypass vulnerability (CVE-2023-20101, CVSS: 9.8) in Cisco Emergency Responder. CVE-2023-20101 allows an
On October 4, 2023, Atlassian issued a security advisory revealing potential active exploitation of a previously unknown vulnerability (CVE-2023-22515, CVSS: 10) affecting Confluence Data Center
On October 2, 2023, Exim released security fixes for an out-of-bounds write remote code execution (RCE) vulnerability (CVE-2023-42115, CVSS: 9.8). This vulnerability affects the Simple
On September 27, 2023, Progress Software released a security advisory detailing multiple vulnerabilities in their WS_FTP Server product, including two with a critical severity rating.
On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) impacting macOS, iOS, iPadOS, and watchOS products that was
On September 20, 2023, JetBrains published a blog detailing a critical Remote Code Execution (RCE) vulnerability that was identified in TeamCity On-Premises (CVE-2023-42793). This vulnerability
On September 21, 2023, Apple released emergency security updates to fix three vulnerabilities impacting macOS, iOS, iPadOS, and Safari. Vulnerability Description Impacted
In the last few weeks, Arctic Wolf Labs has noted an increase in threat activity targeting Okta as an attack vector. The relevant Techniques, Tools,
On September 12, 2023, Microsoft published their September 2023 Security Update with patches for 59 vulnerabilities. Among these 59 vulnerabilities, Arctic Wolf has highlighted two
On August 31, 2023, Arctic Wolf sent out a bulletin alerting customers to an ongoing brute force campaign targeting Cisco Adaptive Security Appliance (ASA). Subsequently,
On September 7, 2023, Apple released emergency security updates to fix a buffer overflow vulnerability (CVE-2023-41064) and a validation issue vulnerability (CVE-2023-41061) among macOS, iOS,
Arctic Wolf has been tracking multiple intrusions where Cisco VPN account credentials were harnessed by Akira ransomware for initial access. In a recent Cisco PSIRT
On Tuesday, August 29, 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks–formerly known as vRealize Network Insight–that could
On August 21, 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be
On August 14th, 2023, cybersecurity company Tenable released a research advisory detailing two stack-based buffer overflow vulnerabilities, collectively tracked as CVE-2023-32560, impacting Ivanti Avalanche products
On August 17th, 2023, Juniper Networks released out-of-band fixes for multiple vulnerabilities that could be chained together to achieve unauthenticated remote code execution (RCE) on
