Recorded Future revealed that 18 out of the approximately 2,400 newly disclosed vulnerabilities in August 2023 were high-risk. Two of which are confirmed zero-day vulnerabilities affecting Microsoft and Ivanti products.
Key Findings
- In August 2023, 2 confirmed zero-day vulnerabilities affected Microsoft and Ivanti products.
- In threat campaigns that attracted the highest attention from threat researchers, threat actors chained the exploitation of multiple vulnerabilities together to enable more severe effects.
- Microsoft patched 1 new zero-day vulnerability and released a Defense in Depth Update to fix a patch-bypass flaw affecting a vulnerability that was patched in July 2023 and previously exploited by RomCom to target guests of the July 2023 NATO Summit.
- 18 of the approximately 2,400 vulnerabilities disclosed in August 2023 were high-risk, according to Recorded Future data.
Empasis on cybersecurity
Maggie Coleman, intelligence analyst at Recorded Future’s Insikt Group said that combining multiple vulnerabilities into a chain of attack is not a new strategy deployed by threat actors but an evolving tactic that enterprises need to be aware of.
“Rather than focusing on basic cybersecurity hygiene and best practices, organisations should instead identify and implement the right cybersecurity playbooks, processes, and tools to proactively protect their businesses, customers, and people. This proactiveness can be done through the quick identification and remediation of high-impact vulnerabilities before they can be exploited by threat actors.”