August 2023’s High-Risk Vulnerabilities and Evolving Threat Tactics

Explore the August 2023 cybersecurity terrain, featuring high-risk vulnerabilities, zero-day threats, and evolving attack tactics. Stay informed and proactive in safeguarding your digital assets.

Recorded Future, an intelligence company, published its CVE Monthly report today. The report shows that of the approximately 2,400 vulnerabilities newly disclosed in August 2023, 18 received high-risk scores. Two of these were confirmed zero-day vulnerabilities, affecting Microsoft and Ivanti products.

In the August 2023 edition of the Recorded Future CVE Monthly report, cybersecurity researchers draw attention to the growing use of exploit chains, also known as vulnerability chains, by cybercriminals. These chains are employed to enhance the effectiveness and impact of attacks on various systems and devices. Notably, exploit chaining was observed in recently patched vulnerabilities within Juniper Networks' J-Web. Threat actors exploited four vulnerabilities to target Juniper EX switches and SRX firewalls, ultimately enabling remote code execution (RCE).

Maggie Coleman, an Intelligence Analyst with Recorded Future’s Insikt Group, remarked, “The practice of combining multiple vulnerabilities into an attack chain is not a new strategy among cybercriminals but is an evolving tactic that organizations in Singapore should remain vigilant about.” Coleman emphasized that organizations should shift their focus from basic cybersecurity practices to implementing the appropriate cybersecurity playbooks, processes, and tools. This proactive approach is crucial for safeguarding their businesses, customers, and stakeholders by swiftly identifying and addressing high-impact vulnerabilities before threat actors can exploit them.

The Recorded Future CVE Monthly reports primarily assess the top vulnerabilities disclosed by eight major software vendors: Microsoft, Adobe, Oracle, Google, Apple, Apache, Linux, and Cisco. These reports include comprehensive data such as the total number of vulnerabilities disclosed during the reporting period, the count of critical and zero-day vulnerabilities, actively exploited vulnerabilities at the time of the report, and significant trends and noteworthy vulnerabilities.

Additional notable findings from the August 2023 report are as follows:

  • Microsoft continued to experience a consistent impact from actively exploited zero-day vulnerabilities, month after month.
  • Microsoft addressed a new zero-day vulnerability and released a Defense in Depth Update to rectify a patch-bypass flaw that affected a vulnerability patched in July 2023, which had been previously exploited by RomCom to target attendees of the July 2023 NATO Summit.
  • Ivanti issued a warning to its customers regarding a critical zero-day vulnerability, known as CVE-2023-38035, which allowed authentication bypass and affected its Sentry (formerly known as MobileIron Sentry) security product.
  • CVE-2023-38035 was linked with two previously disclosed vulnerabilities affecting Ivanti’s Endpoint Manager Mobile (EPMM), identified as CVE-2023-35078 (an authentication bypass flaw) and CVE-2023-35081 (a vulnerability enabling arbitrary file-write). Both CVE-2023-35078 and CVE-2023-35081 were patched in July 2023.

In the ever-evolving landscape of cybersecurity, the findings from August 2023 serve as a stark reminder of the persistent threats organizations face. As high-risk vulnerabilities and zero-day exploits continue to challenge even the most vigilant defenders, the imperative for proactive measures becomes clear. Staying ahead of cybercriminals requires not only patching known vulnerabilities but also anticipating new tactics and bolstering defenses accordingly. With each month’s revelations, the cybersecurity community gains valuable insights that can help fortify digital fortresses. The road ahead may be challenging, but armed with knowledge and a commitment to best practices, organizations can navigate the cyber landscape with greater resilience and confidence, ensuring that they stay one step ahead of those who seek to breach their security.