On Saturday, March 18, 2023, Horizon3 researchers released a proof-of-concept (PoC) exploit for CVE-2023-27532, a high-severity missing authentication vulnerability impacting Veeam Backup and Replication (VBR)
On March 14, 2023, Microsoft published their March 2023 Security Update and patched multiple high to critical vulnerabilities, with two of them being actively exploited
Summary On Friday, March 10, 2023, California state regulators took possession of Silicon Valley Bank (SVB) and appointed The Federal Deposit Insurance Corporation (FDIC) as
On February 14, 2023, Microsoft released a security advisory for CVE-2023-21716, a critical remote code execution vulnerability in Microsoft Word. While CVE-2023-21716 was deemed to
On Wednesday, March 1, 2023, Cisco published an advisory of a critical severity vulnerability impacting 6800, 7800, and 8800 series IP phones. The vulnerability allows
Note: This is not a new breach of LastPass’ systems, but rather sharing of additional details from their investigation into the incident they publicly disclosed
On Thursday, February 16, 2023, Fortinet patched two critical unauthenticated remote code execution vulnerabilities, one impacting FortiNAC (CVE-2022-39952) and one impacting FortiWeb (CVE-2021-42756). Both vulnerabilities
On February 14, 2023, Microsoft published its February 2023 Security Update and patched multiple high to critical vulnerabilities, with some of them being actively exploited
Arctic Wolf has observed a significant increase in the number of malicious files delivered and opened via OneNote email attachments. Unlike malicious Word and Excel
On February 3, 2023, the developers of GoAnywhere MFT (Managed File Transfer) sent an advisory to their customers warning them of a zero-day remote code
On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices
On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). CVE-2022-31706
Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple
Between the 28th –30th of December 2022, Zoho released security updates to address a SQL injection vulnerability that they identified, designated as CVE-2022-47523. An advisory
On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022.
Arctic Wolf has observed an increase in exploitation of CVE-2022-41080 and CVE-2022-41082 in recent Incident Response engagements where the vulnerabilities were chained together to achieve remote code
Updated: Dec 18, 2022 On the 12th of December 2022, we sent out a security bulletin about a Fortinet security advisory involving an actively exploited
In a coordinated disclosure with Microsoft on December 13th, 2022, security researchers with Mandiant, SentinelOne, and Sophos published evidence of a threat actor technique where
As part of Microsoft’s September 2022 Security Update, Microsoft released security updates to remediate CVE-2022-37958–an information disclosure vulnerability in SPNEGO NEGOEX that impacted all Windows
On December 13th, 2022, Citrix disclosed a critical remote code execution vulnerability (CVE-2022-27518) affecting several versions of Citrix ADC and Citrix Gateway. Citrix strongly advises
On Friday, September 23rd, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1
In a widespread campaign, threat actors chained two Zimbra Collaboration Suite vulnerabilities to obtain remote code execution and deploy a variety of webshells. As CVE-2022-27925,
On November 8th, 2022, Citrix disclosed a critical authentication bypass (CVE-2022-27510), a remote desktop takeover (CVE-2022-27513), and a user login brute force protection functionality bypass
On October 25, 2022, the OpenSSL project announced the existence of a critical vulnerability in the OpenSSL library affecting OpenSSL versions 3.0.0 and above, as
On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager
On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older.
On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication
Previously published blog post: https://arcticwolf.com/resources/blog/cve-2022-40684/ Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.
Previously published blog posts about CVE-2022-41040 and CVE-2022-41082: Microsoft Exchange On-Prem Zero-Day Vulnerabilities Exploited in the Wild Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited
Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability —CVE-2022-40684— impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated
