On July 24th, 2023, Ivanti released a security advisory detailing a remote authentication bypass vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile. This vulnerability, with a CVSS score of 10, allows unauthenticated access to specific API paths, which could allow a threat actor to obtain personal identifiable information (PII) such as names, phone numbers, and other mobile device details.

Since the fallout of Conti ransomware in mid-2022, Conti-affiliated threat actors have splintered off and developed or joined other ransomware groups to continue extorting victim organizations. Due to Conti’s source code being leaked, attribution back to the Conti ransomware group via code overlap is much more difficult. However, leveraging blockchain analysis, we can begin to discern what ransomware groups Conti-affiliated threat actors have worked with; one such group is Akira.

In recent years, cyber attacks have been on the rise around the globe. In 2022, the median initial ransom amount rose to $500,000 as more public sectors fell victim to malicious attacks. In Australia, climbing cyber attacks have damaged the country’s vital infrastructure, with lasting and costly consequences. Major industries in Australia — including manufacturing, finance, foreign communications, and the healthcare sector — have been targets of cyber attacks.

In today’s interconnected world, the reliance on secure file transfer software is paramount for businesses dealing with sensitive data. Among these tools, MOVEit Transfer software has been a popular choice worldwide, especially in the US, to ensure secure file transfers. However, recent events have exposed its vulnerabilities, leading to the active exploitation by the CI0p ransomware group.

On July 18th, 2023, Citrix disclosed a critical authentication bypass vulnerability affecting several versions of Citrix ADC and Citrix Gateway (CVE-2023-3519). The vulnerability was identified by independent security researchers, and was responsibly disclosed to Citrix. This vulnerability could allow a threat actor to execute arbitrary code on affected appliances and may also serve as an initial access vector for ransomware and other types of malicious campaigns.

The rise of remote work and the move to the cloud, as well as the rising rate and increased complexity of cyber attacks, have fundamentally changed the security landscape. Set-it-and-forget it tools are no longer enough. To truly protect yourself from modern cyber threats you need 24×7 monitoring, detection and response. However, even that doesn’t look the same anymore.

On July 12th, 2023, SonicWall published a security advisory detailing fifteen security vulnerabilities in Global Management Suite (GMS) and Analytics. Among these vulnerabilities, Arctic Wolf has highlighted four in this bulletin which received a Common Vulnerability Scoring System (CVSS) rating of critical. The following vulnerabilities can allow an unauthenticated threat actor to view, modify, or delete data that the application is able to access.

A manufacturing organization became the target of a business email compromise (BEC) attack. The threat actor utilized stolen credentials and then hoped a prompt-bomb attack will work — it did, and the threat actor was able to take over the user’s inbox. While, thankfully, this incident was detected and responded to by Arctic Wolf before more damage was done, BEC attacks are becoming more common and more successful by the month.

On July 11th, 2023, Fortinet published a security advisory detailing a remote code execution vulnerability affecting FortiOS and FortiProxy (CVE-2023-33308). This stack-based overflow vulnerability affects proxy policies and/or firewall policies with proxy mode and SSL deep packet inspection enabled. This CVE was discovered and responsibly disclosed to Fortinet by security researchers.

Too often, organizations find themselves stuck in a cycle of reacting to threats; figuring out how to stop a business email compromise attack or trying to find a threat actor who’s activated malware in the system. This leaves often short-staffed and overworked IT teams without the bandwidth to focus on the proactive side of cybersecurity.