SecOps

CVE-2022-3236 - Remote Code Execution Vulnerability in Sophos Firewall

Sep 26, 2022 By Sule Tatar In Arctic Wolf

On Friday, September 23, 2022, Sophos disclosed a critical code injection vulnerability impacting Sophos Firewall. This vulnerability, assigned CVE-2022-3236, affects Sophos Firewall versions v19.0 MR1 (19.0.1) and older and could lead to remote code execution. In order for a threat actor to exploit this vulnerability, WAN access would need to be enabled for the Webadmin and User Portal consoles.

Read Post

Arctic Wolf

Read more about CVE-2022-3236 - Remote Code Execution Vulnerability in Sophos Firewall

16 Threat Intelligence Terms Everyone Should Know

Sep 23, 2022 By Sule Tatar In Arctic Wolf

Understanding the ins and outs of threat intelligence can be complicated for an organization. If your business is anything but cyber, it’s understandable to be overwhelmed by terms like ransomware, cryptocurrency, and DDoS attacks, especially in relation to your systems and assets. That’s okay.

Read Post

Arctic Wolf

Read more about 16 Threat Intelligence Terms Everyone Should Know

How Wiz and Torq Combine to Mitigate Existential Cloud Security Threats

Sep 23, 2022 By Leonid Belkind In Torq

A single cloud security incident can stop an enterprise in its tracks, sometimes resulting in irreparable damage to its operation, reputation, and customer loyalty. One key strategy for preventing such incidents is combining complementary cybersecurity tools to defeat threats at scale. A coherent Cyber Security Incident Response Planning (CSIRP) approach requires enterprises to select and integrate the right tools before a security incident occurs.

Read Post

Torq

Read more about How Wiz and Torq Combine to Mitigate Existential Cloud Security Threats

Insight Into The Strengthening America Cybersecurity Act

Sep 22, 2022 By Arctic Wolf In Arctic Wolf

Signed into law in March of 2022, the Strengthening American Cybersecurity Act (SACA) gives federal authorities an overview of all cyber attacks against critical infrastructure in the United States for the very first time. SACA has three parts: SACA comes at a time when governments are facing a significant paradigm shift.

Read Post

Arctic Wolf

Read more about Insight Into The Strengthening America Cybersecurity Act

What We Can Learn from the 'Prompt-bomb' Uber Hack

Sep 21, 2022 By Arctic Wolf In Arctic Wolf

It was the worst-case scenario for Uber, the popular ride-sharing app, when the company suffered a major data breach in early September. While the extent of the damage, and the data potentially stolen, is still being uncovered, the attack — and the methods used to execute it — can be examined and used to teach other organizations what (and what not) to do.

Read Post

Arctic Wolf

Read more about What We Can Learn from the 'Prompt-bomb' Uber Hack

What Happened in the Uber Breach? | Beyond the Breach

Sep 20, 2022 By Arctic Wolf In Arctic Wolf

Uber’s information systems were recently breached, and it appears it all started with a hacker targeting one employee. Get the full rundown of what happened in this episode of Beyond the Breach.

View Video

Arctic Wolf

Read more about What Happened in the Uber Breach? | Beyond the Breach

Initial Access Brokers: What They Are, How They Gain Access, and Who Uses Their Services

Sep 19, 2022 By Sule Tatar In Arctic Wolf

Imagine a burglar. They’ve spent large amounts of time researching their target — your house. They’ve perfected their infiltration techniques, found your weak points, learned your schedule, and know the best time to strike. They’ve shown up when you least expect it and jimmied open the lock on the back door. And now, rather than head inside and steal your valuables, they hold the door open for someone else.

Read Post

Arctic Wolf

Read more about Initial Access Brokers: What They Are, How They Gain Access, and Who Uses Their Services

Torq Delivers on the Promise of Parallel Execution

Sep 15, 2022 By Kelsey Jones In Torq

Security operations professionals are constantly being pushed to the edge of their capacities. They’re dealing with endless manual processes and managing tasks sequentially, because of the limitations of their security tools and options. They’ve dreamed of being able to execute more tasks simultaneously to quickly enrich, analyze, contain, and resolve security threats. Today, Torq is proud to introduce Parallel Execution, which makes those capabilities a reality.

Read Post

Torq

Read more about Torq Delivers on the Promise of Parallel Execution

Lorenz Ransomware Intrusion: Understanding Your Risk

Sep 14, 2022 By Arctic Wolf In Arctic Wolf

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VOIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems. Over the last quarter, the group has primarily targeted small and medium businesses (SMBs) located in the United States, with outliers in China and Mexico.

View Video

Arctic Wolf

Read more about Lorenz Ransomware Intrusion: Understanding Your Risk

Chiseling In: Lorenz Ransomware Group Cracks MiVoice And Calls Back For Free

Sep 12, 2022 By Markus Neis, Ross Phillips, Steven Campbell, Teresa Whitmore, Alex Ammons, and Arctic Wolf Labs Team In Arctic Wolf

The Arctic Wolf Labs team recently investigated a Lorenz ransomware intrusion, which leveraged a Mitel MiVoice VoIP appliance vulnerability (CVE-2022-29499) for initial access and Microsoft’s BitLocker Drive Encryption for data encryption. Lorenz is a ransomware group that has been active since at least February 2021 and like many ransomware groups, performs double-extortion by exfiltrating data before encrypting systems.

Read Post