More CyberWatch

November 15, 2023

Microsoft November 2023 Patch Tuesday: Multiple Zero-day Fixes

Every second Tuesday of the month, Microsoft releases many security fixes to several of its software solutions. This is known as “Patch Tuesday.” This time, several critical vulnerabilities and zero-days have been remediated. A total of five zero-day vulnerabilities, three critical vulnerabilities, and more than 50 other vulnerabilities of varying severity were addressed. This report covers only the most critical and notable vulnerabilities.

Read more
November 14, 2023

Sneaky ScreenConnect Scheme Targets Healthcare

A targeted cyber-attack involving the abuse of the ScreenConnect remote access tool has been identified, impacting multiple healthcare organizations in the U.S. Notably, the threat actors exploited local ScreenConnect instances affiliated with Transaction Data Systems (TDS), a comprehensive pharmacy supply chain and management systems provider. The attacks were detected between October 28 and November 8, 2023, with ongoing activity raising concerns. The assailants, identified by Huntress, a managed security research organization, demonstrated advanced tactics, installing additional tools like AnyDesk to maintain persistent access.

Read more
November 13, 2023

Critical Linux Kernel Vulnerability Affecting NetApp Products

A Critical vulnerability has been identified within NetApp products categorized as CVE-2023-45871. This vulnerability was identified was discovered and reported to NVD on 10/19/2023 and was recently reported affecting NetApp products on 11/10/2023. This vulnerability affects Linux kernel versions prior to 6.5.3 and as multiple NetApp products utilize the Linux kernel, they are vulnerable.

Read more
November 10, 2023

SysAid On-Prem Zero Day! Patch now!

A zero-day vulnerability has been identified in SysAid On-Prem Software known as CVE-2023-47246. Not much information is available about this vulnerability in the National Vulnerability Database, but SysAid has provided a blog post explaining the situation. On November 2nd, 2023, a potential vulnerability on their on-premises software was brought to their attention. Through internal and third-party services, they concluded that a zero-day vulnerability existed in the SysAid On-Prem Software. The vulnerability was identified as a path traversal vulnerability leading to code execution which was exploited by a threat actor known as Lace Tempest, identified by the Microsoft Threat Intelligence team.

Read more
November 8, 2023

Critical QNAP NAS OS Vulnerability

A vulnerability of critical-severity Chas been identified on several QNAP operating system versions. It is identified as CVE-2023-23368 and has a CVSS score of 9.8. If exploited it can allow users to execute commands via a network according to QNAP.

Read more
November 6, 2023

Critical Vulnerability in Cisco Firepower Management Center

A critical vulnerability has been identified for the Cisco Firepower Management Center (FMC) Software known as CVE-2023-20048, CVSS score 9.9. It can allow for an authenticated, remote attacker to execute unauthorized configuration commands on a firepower threat defense device managed by this software. To exploit this vulnerability, an attacker would need valid credentials on the FMC software.

Read more
November 6, 2023

Henry Schein Victim of Healthcare Attack

On October 15, 2023, healthcare giant Henry Schein fell victim to a cyberattack by the BlackCat (ALPHV) ransomware gang. The attack forced the company to take precautionary measures, resulting in temporary disruptions to its manufacturing and distribution businesses. Henry Schein, a Fortune 500 company with operations in 32 countries and revenue exceeding $12 billion in 2022, promptly notified law enforcement authorities and engaged external cybersecurity experts to investigate a potential data breach. The organization's network was compromised through a cyberattack by the BlackCat (ALPHV) ransomware gang. The specific attack method has not yet been disclosed. Initial signs of the incident were detected on October 14, 2023.

Read more
November 3, 2023

Patch to Critical BIG-IP Vulnerability Now Available

UPDATE: CISA has added this vulnerability (CVE-2023-46747) to their known exploited vulnerabilities list as of 11/2/2023. The vendor has also updated their security bulletin under the "Indicators of compromise" section as they have observed threat actors using this vulnerability in conjunction with CVE-2023-46748 to perform an exploit. Patch now!

Read more
November 2, 2023

Critical Apache ActiveMQ Vulnerability. Patch Now!

Apache Active MQ, a scalable open-source message broker, has a critical vulnerability. It is identified as CVE-2023-46604 a Critical rated vulnerability with a CVSS 3.0 score of 10, the maximum value. According to NVD, it is a remote code execution vulnerability which may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol.

Read more