
CVE-2023-23368 & CVE-2023-23369: Critical Command Injection Vulnerabilities in QNAP Products

On November 4, 2023, QNAP published security advisories for two critical command injection vulnerabilities impacting multiple versions of QNAP operating systems and applications related to the vendor’s network-attached storage (NAS) devices. Both vulnerabilities have been given critical CVSS scores (CVE-2023-23368: 9.8, CVE-2023-23369: 9.0) and both can lead to unauthenticated, remote threat actors executing commands if successfully exploited.

CVE-2023-47246: 0-day Remote Code Execution Vulnerability Actively Exploited in SysAid On-Premises

On November 2, 2023, SysAid was notified by Microsoft of a zero-day path traversal vulnerability allowing for remote code execution, which affects their on-premises ITSM solution. In the investigation conducted by SysAid, it was determined that the vulnerability was being actively exploited by a ransomware affiliate group known as Lace Tempest (DEV-0950), a group known for deploying the CL0P ransomware payload.

CVE-2023-38547 & CVE-2023-38548: Two Critical Vulnerabilities in Veeam ONE

On November 6, 2023, Veeam published security hotfixes for two critical-severity vulnerabilities impacting Veeam ONE. At this time, Arctic Wolf has not identified active exploitation of either vulnerability, nor a published proof of concept (PoC) exploit. Although threat actors have not historically targeted Veeam ONE products, the prospect of obtaining RCE on the monitoring and analytics platform will likely increase the likelihood that threat actors create a working PoC exploit and attempt exploitation.

Demystifying the AWS shared security responsibility model

Most cloud providers use a shared security responsibility model, meaning they secure some areas of the environment but expect the customer to establish security controls in others. AWS is one of the many cloud providers that follow the concept of shared responsibility. Generally speaking, they split responsibility into two categories. AWS focuses on the security of the cloud, such as the infrastructure that runs all AWS services.

How CISOs Should Approach Security Vulnerability Risk

Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yampolskiy, CEO of SecurityScorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments. They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.

Lessons Learned From 50+ MOVEit Exploit (CVE-2023-34362) Investigations - Full Webinar

In Q2 2023, Kroll reported a notable shift towards increased supply chain risk, largely driven by the CLOP ransomware gang’s exploitation of the MOVEit Transfer vulnerability. The MOVEit exploitation rendered even organizations with mature cybersecurity controls helpless and vulnerable to financial and reputational damage. Only a handful were able to detect the exfiltration, and even fewer could handle the consequences once a trusted partner fell victim.

Improper Authorization in Confluence Data Center and Server (CVE-2023-22518)

In early November, the cybersecurity community witnessed the exploitation of a zero-day vulnerability in Confluence Data Center and Server. This critical vulnerability was related to Improper Authorization and was assigned the identifier CVE-2023-22518. In this blog, we delve into the details of this vulnerability, its implications, and the necessary mitigation steps to protect your digital assets.

Outpost24 adds Threat Explorer to threat intelligence platform for advanced vulnerability intelligence and exposure time reduction

Philadelphia, PA, November 9, 2023 – Leading cyber risk management and threat intelligence provider Outpost24 today announced the release of Threat Explorer, an advanced vulnerability intelligence and custom alerting tool for continuous threat monitoring.

CVE-2023-3595: Rockwell Automation ControlLogix Vulnerability Analysis Fuels Better Risk Assessment and Threat Detection

On July 14, CISA published an industrial control system (ICS) advisory about two new critical vulnerabilities affecting Rockwell Automation ControlLogix communication modules: CVE-2023-3595 and CVE-2023-3596. CISA and Rockwell Automation recommended that asset owners patch vulnerable devices and add controls such as segmenting networks and using network intrusion detection.