In our modern world, we constantly share private, confidential, and sensitive information over digital channels. A fundamental component of this communication is file encryption — transforming data into an unreadable format using encryption algorithms.

On November 21st, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing & Analysis Center (MS-ISAC), and Australian Signals Directorate’s Australian Cyber Security Center (ASD’s ACSC) released an advisory highlighting the ongoing exploit of the Citrix Bleed Vulnerability (CVE-2023-4966) by Lockbit 3.0 affiliates.

In 2022, more than 25,000 new CVEs were discovered and added to the NIST National Vulnerability Database. In just the first ten months of 2023, another 23,500 CVEs were identified and added to the NIST NVD. That’s more than 48,000 new vulnerabilities documented in less than 2 years! With so many new CVEs being identified all the time, vulnerability management can seem like an insurmountable challenge. Despite the staggering numbers, there’s good news.

On November 16, 2023, a significant security concern was published by Google's Threat Analysis Group (TAG). They revealed an alarming vulnerability in Zimbra Collaboration, a widely-used email hosting tool for organizations. This vulnerability, designated with an identifier, CVE-2023-37580, is a glaring example of a reflected cross-site scripting (XSS) issue. It allows malicious scripts to be injected into unsuspecting users' browsers through a deceptively simple method: clicking on a harmful link.

The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains to be the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable information.