Security experts are urgently warning that thousands of Qlik Sense servers are vulnerable to potential ransomware attacks by the Cactus group. Although Qlik has previously disclosed the vulnerabilities, many organisations remain at risk because their systems are unpatched.
Qlik, an eminent player in data visualisation and business intelligence, disclosed two critical vulnerabilities, known as CVE-2023-41266 and CVE-2023-41265, in August last year. These flaws, when exploited together, enable remote attackers to execute arbitrary code on vulnerable systems. Additionally, a subsequent disclosure in September, CVE-2023-48365, revealed a bypass of Qlik’s initial fix, leaving systems vulnerable to exploitation.
Recent reports highlight the active exploitation of these vulnerabilities by the Cactus ransomware group to infiltrate target environments. Despite warnings from security vendors like Arctic Wolf, attacks persist. A recent scan by Fox-IT uncovered over 5,000 internet-accessible Qlik Sense servers, with a significant portion still vulnerable to exploitation.
Countries such as the US, Italy, Brazil, the Netherlands, and Germany face a concerning number of vulnerable servers, elevating the risk for organisations in these regions. In response, security organisations like Fox-IT and the Dutch Institute for Vulnerability Disclosure (DIVD) have launched efforts under Project Melissa to disrupt Cactus group operations.
Upon identifying vulnerable servers, Fox-IT and DIVD have actively notified affe
[…]