Summary of Vulnerabilities & Threats: May 2023

Threat Digests

Summary of Vulnerabilities & Threats: May 2023

Vulnerabilities ExploitedAdversaries in ActionAttacks ExecutedTop Targeted
Countries
Top Targeted
Industries
MITRE
ATT&CK TTPs
212047

Philippines
Turkey
India
United Arab Emirates
Afghanistan

Government
Manufacturing
Education
Financial
Healthcare
219

 

Download the pdf file to learn more

Summary

In May, the cybersecurity community witnessed significant attention drawn to the discovery of nine zero-day vulnerabilities. Among them was the Celebrity Vulnerability, exploited by GoldenJackal APT and MEME#4CHAN phishing campaign deploy Xworm, which heightened the sense of urgency among security teams to patch their systems.

The month of  May saw a rise in ransomware attacks, with various strains such as CACTUS, Rancoz, CryptNet, MichaelKors, Buhti, BianLian, and Bl00dy actively targeting victims. As ransomware continues to evolve and grow in sophistication, organizations must take steps to protect themselves by implementing comprehensive backup and disaster recovery strategies and training employees on how to recognize and avoid phishing attacks.

Finally, the unpatched vulnerabilities, CVE-2023-29552, which can lead to a Denial-of-Service Attack and result in potential losses of up to $120,000, and  CVE-2018-5713, exploited by Earth Longzhi APT, have been actively utilized in attacks.

Download the pdf file to learn more