Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On January 30, 2023, QNAP Systems Inc. disclosed a new critical vulnerability that could allow remote attackers to inject malicious code on QNAP NAS devices that were exposed to the internet. QNAP has stated that the vulnerability is a SQL Injection flaw being tracked as CVE-2022-27596 and can be abused in low-complexity attacks by unauthenticated malicious remote threat actors without requiring user interaction.

Security teams need to continually bolster their cybersecurity controls and expertise to keep up with the evolving threat landscape. Successful readiness and response to a cybersecurity breach requires the right mix of people, processes and technology. Yet challenges with staffing, technical issues, and budget hamper threat detection and response for too many organizations, creating gaps that threat actors are eager to exploit.

Tomorrow, January 28, marks the annual Global Data Privacy Day, an annual reminder of the importance of safeguarding personal information in our always-connected society. With the boundaries between the online and offline realms becoming increasingly blurred, we find ourselves generating an unprecedented amount of data about ourselves, our loved ones, and our personal lives.

Cybercrime isn’t unique to certain sectors or industries. But some areas are more at risk, like local governments and municipalities. It makes sense, governments not only hold a lot of personal and valuable information on their systems, but government entities are interconnected and critical to the operations of a given area — from police forces to court hearings to basic administration and document processing. It’s a high– value target for hackers.

On Tuesday, January 24th, 2023, VMware disclosed two critical vulnerabilities in VMware vRealize Log Insight that could result in remote code execution (RCE). Although different vulnerability types, both vulnerabilities could allow an unauthenticated threat actor to inject files into the operating system of the vulnerable product which could result in RCE. Both vulnerabilities were responsibly disclosed to VMware and have not been actively exploited in campaigns.

As organizations rethink their responses to persistent, evolving threats such as ransomware, they’re also having to deal with economic shifts, staffing issues, and shrinking budgets, meaning they are having to make tough choices on how to best protect their critical data. To better understand how enterprises are acting, we surveyed 920 decision makers from enterprises across industries in the US, UK, and Germany.

It’s been splashed across headlines and popped up in social media statuses — organizations are evaluating budgets and laying off staff. These layoffs, which have hit departments like marketing and IT across a variety of industries, are more than anecdotal. Our global survey, which took responses from 920 decision makers at enterprises with more than 1,000 employees showed that there is a major shift happening in internal spending and hiring.

Ransomware attacks are rising. Verizon’s 2022 Data Breach Investigation Report found that nearly a quarter of all cyber attacks in the manufacturing industry are ransomware attacks. Why the surge? While the world is still recovering from the pandemic, global markets are dealing with massive economic uncertainty and recession fears. And cybercriminals sense an opportunity.

Ransomware has gone global. While 2022 saw a reprieve in the sheer number of ransomware attacks (the attack rate dropped at the same time as the war between Russia and Ukraine began), it also saw the rise of ransomware-as-a-service, the proliferation of attacks of major organizations, and attacks that stretched across time zones and borders. In 2022, nine of our top 20 breaches involved ransomware (45%), affecting millions of individuals and their private data. That is up 15% over 2021.

Later this week, Horizon3 researchers plan to release a Proof of Concept (PoC) exploit for CVE-2022-47966, a critical unauthenticated, remote code execution vulnerability in multiple ManageEngine products. Note: CVE-2022-47966 is dependent on the specific ManageEngine product. Some products are vulnerable if SAML single-sign-on is enabled OR has ever been enabled, while others require SAML single-sign-on to be currently enabled.