Many organizations remain dangerously vulnerable to the Cactus ransomware group, despite security researchers warning of the threat five months ago. The Cactus ransomware group exploits three vulnerabilities in QlikSense’s data analytics and business intelligence platform. Two vulnerabilities were released in August and September by Qlik, which were identified as CVE-2023-41266 and CVE-2023-41265. In August, the company disclosed two vulnerabilities in multiple versions of Qlik Sense Enterprise for Windows that CVE-2023-41266 and CVE-2023-41265 tracked.
As a result of these vulnerabilities, an attacker can execute arbitrary code on affected systems remotely, unauthenticated, and in a chain. A vulnerability in Qlik CVE-2023-48365 was released in September, which proved to be a bypass of Qlik’s fix for the two previously disclosed flaws from August. Two months later, Arctic Wolf reported that operators of the Cactus ransomware had exploited the three vulnerabilities to gain a foothold in targeted systems by exploiting the three vulnerabilities.
During that period, the vendor was alerting customers of multiple instances of receiving attacks through Qlik Sense vulnerabilities and warned of a rapidly developing Cactus group campaign at the time. It appears that many organizations have not received the memo yet, as a scan conducted by Fox-IT on April 17 revealed that of the 5,205 QlikSense servers that were still susceptible to the exploits of Cactus Gr
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: