Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As the United States gears up for the 2024 election, the significance of cybersecurity for state and local governments cannot be overstated. In an era where digital threats are increasingly sophisticated, robust cybersecurity measures are essential to protect both the critical election infrastructure and the integrity of elections itself.

Arctic Wolf Labs is aware of several instances of ransomware cases where the victim organizations were contacted after the original compromise for additional extortion attempts. In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to.

On December 20, 2023, Ivanti announced that 20 vulnerabilities in Ivanti Avalanche On-Prem were patched in the product’s latest update. Arctic Wolf has highlighted 13 of these vulnerabilities in this bulletin that were rated as critical severity and could lead to remote code execution (RCE) or Denial of Service (DoS).

On December 13, 2023, threat actors began exploitation attempts against CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability impacting Apache Struts, an open-source framework used to create Java Web applications. Based on current intelligence, the threat actors are leveraging a publicly published proof of concept (PoC) exploit.

On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in FortiSIEM report server.

On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities.