WinRAR flaw CVE-2023-38831
What
+ Enables attackers to execute arbitrary code
+ Identified Aug. 2023
Who
Exploited by Russian APT28 group in ongoing cyber espionage campaign against targets in 13+ nations

0-day in GoAnywhere MFT CVE-2023-0669
What
+ Remote code execution vulnerability
+ Discovered Jan. 2023
Who
+ Lockbit Ransomware’s affiliates exploited it as an initial attack vector
+ Reportedly enabled mass hacking of 130+ companies

Citrix Bleed CVE-2023-4966
What
+ Affects NetScaler appliances by allowing threat actors to bypass password requirements & MFA
+ In late Nov. 2023, U.S. CISA stated that 1000s of organizations are vulnerable
Who
+ Targeted by nation-states & cybercriminals
+ Major companies were attacked by LockBit ransomware group using this vulnerability, e.g. Boeing

Barracuda Email Security Gateway flaw CVE-2023-2868
What
+ Remote command injection vulnerability
+ Detected May 2023
Who
China-linked hackers sent emails to targeted organizations to deliver custom backdoors

MOVEit flaw CVE-2023-34362
What
+ SQL injection vulnerability in MOVEit Transfer web application used worldwide
+ Disclosed in May 2023
Who
Actively exploited by Cl0p ransomware group against victims worldwide: 2,600+ victim organizations with personal data of 84M individuals hacked

Zoho’s ManageEngine ServiceDesk flaw CVE-2022-47966
What
+ Remote code execution flaw
+ Identified Jan. 2023
Who
Exploited by nation-state groups, e.g. North Korean Lazarus APT group