On February 20, 2024, we published a security bulletin detailing newly disclosed authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect. Shortly after the bulletin
On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software. At the time of writing, these vulnerabilities
On February 13, 2024, Microsoft published their February 2024 security update with patches for 73 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 5 vulnerabilities
On February 8, 2024, Fortinet’s FortiGuard disclosed two critical vulnerabilities affecting FortiOS. CVE-2024-23113, a format string vulnerability, and CVE-2024-21762, an out-of-bounds write vulnerability, could allow
On February 8, 2024, Ivanti publicly disclosed a high-severity authentication bypass vulnerability (CVE-2024-22024) impacting Ivanti Connect Secure, Policy Secure, and ZTA products. CVE-2024-22024 is an
On February 5, 2023, JetBrains published a blog describing a critical vulnerability (CVE-2024-23917) affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S)
On February 7, 2024, CISA issued an advisory detailing their discoveries concerning state-sponsored cyber actors linked to the People’s Republic of China (PRC). Notably, the
On February 2, 2024, AnyDesk confirmed a compromise of its production systems in a security advisory, leading the company to revoke all security-related keys, including
On January 31, 2024, Ivanti published an article disclosing two high severity vulnerabilities: CVE-2024-21893: A server-side request forgery flaw present in the SAML component of
On January 22, 2024, Fortra publicly disclosed a critical vulnerability, CVE-2024-0204, in their GoAnywhere MFT product. This vulnerability, which was responsibly disclosed to Fortra by
On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler
On January 10, 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a
On January 10, 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows
In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN
On January 9, 2024, Microsoft published their January 2024 security update with patches for 48 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 3 in
On January 4, 2024, Ivanti published a security advisory regarding a SQL injection vulnerability in their Endpoint Manager (EPM) solution, CVE-2023-39336. The vulnerability was rated
On December 20, 2023, Ivanti announced that 20 vulnerabilities in Ivanti Avalanche On-Prem were patched in the product’s latest update. Arctic Wolf has highlighted 13
On December 13, 2023, threat actors began exploitation attempts against CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability impacting Apache Struts, an open-source framework used
On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM.
On November 21, 2023, ownCloud published advisories on three security vulnerabilities. The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103
On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence
On November 23, 2023, Arcserve released Arcserve Unified Data Protection (UDP) 9.2 to address three vulnerabilities, including a critical-severity remote code execution (RCE) vulnerability. Subsequently
Summary In July 2023, Adobe fixed a high severity access control bypass vulnerability (CVE-2023-29298, CVSS 7.5) in Adobe ColdFusion. Adobe ColdFusion is a web application
Arctic Wolf has recently worked on multiple incident response cases where we have observed a Cactus ransomware campaign exploiting vulnerabilities in Qlik Sense to gain
Beginning on at least October 20, 2023, a North Korea-linked threat actor, tracked as Diamond Sleet by Microsoft, leveraged a modified CyberLink installer to compromise
On August 10, 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked
On November 14, 2023, Microsoft published their November Security Update with patches for 63 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted five in this
On November 6, 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE. CVE-2023-38547 (CVSS 9.9) could allow an unauthenticated threat actor to
On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM
On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to
