Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On January 4, 2024, Atlassian disclosed CVE-2023-22527, a template injection vulnerability affecting Confluence Data Center and Server versions 8.0.0 to 8.5.3. The vulnerability allows for unauthenticated remote code execution to be achieved on affected versions of the software. Arctic Wolf Labs has observed evidence of C3RB3R ransomware, as well as several other malicious payloads, being deployed following exploitation of CVE-2023-22527. We present our preliminary findings here.

On February 2, 2024, AnyDesk confirmed a compromise of its production systems in a security advisory, leading the company to revoke all security-related keys, including the cryptographic code-signing certificate used to publish their software. As an additional precaution, AnyDesk also reset user passwords on the AnyDesk web portal. AnyDesk has started using a new code signing certificate as of AnyDesk version 8.0.8.

On January 31, 2024, Ivanti published an article disclosing two high severity vulnerabilities: CVE-2024-21893: A server-side request forgery flaw present in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons. This vulnerability allows an unauthenticated threat actor to access restricted resources. Ivanti reports that a limited number of customers have been affected by this vulnerability.

Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access into a network, they can utilize the commands and scripts components of PowerShell to conduct reconnaissance or inject fileless malware into the network. This activity is so common it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).

On January 22, 2024, Fortra publicly disclosed a critical vulnerability, CVE-2024-0204, in their GoAnywhere MFT product. This vulnerability, which was responsibly disclosed to Fortra by Spark Engineering Consultants, had been patched on December 7, 2023. CVE-2024-0204 is a severe authentication bypass vulnerability with a CVSS score of 9.8.

If a malware attack is successful, it can result in lost revenue, unexpected down time, stolen data, and more costly consequences. With over 450,000 new malicious programs registered each day by independent IT security institute AV-Test, malware may be the biggest threat to your organization. There are many different types of malware and attackers are continually innovating more complex, harder-to-detect versions. Now is the time to take proactive steps to protect your organization.