May 2022

Emerging Technologies and Evolving Analysts Are Giving Rise to the Autonomous SOC

Fueled by the need to detect new, emerging threats while supplying meaningful feedback upstream to anticipate and prevent future ones, the modern SOC is the engine that protects organizations worldwide. The heart of that engine is common to all SOCs since they debuted more than a decade ago: people.

CVE-2022-30190 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Zero-Day Vulnerability in Windows

On Friday, May 27, 2022, security vendor nao_sec identified a malicious document leveraging a zero-day remote code execution (RCE) vulnerability (CVE-2022-30190) in the Microsoft Windows Support Diagnostic Tool (MSDT). The actively exploited vulnerability exists when MSDT is called using the URL protocol from a calling application, such as Microsoft Word.

Automated Developer-First Security: Our Partnership with Snyk

Today’s developers move at increasingly rapid speed – making it more critical than ever to identify and resolve code vulnerabilities early in the software development lifecycle. By tackling security early – instead of waiting until testing and deployment – engineering teams can reduce unnecessary patching and maintenance cycles, reduce risks, and ensure timely delivery of new features.

7 Cybersecurity Best Practices Financial Firms Should Live By

According to the 2021 IBM X-Force Threat Intelligence Index, the finance and insurance industry sector experienced the most cyber attacks for the fourth year in a row. It’s no mystery why: Hackers go where the money is. And according to Verizon's 2021 Data Breach Investigations Report (DBIR), financial gain was the most common motive in data breaches across all industries: 93 percent of breaches involving companies with fewer than 1,000 employees were financially motivated.

5 Common Ways You're Putting Your Company's Cybersecurity at Risk (and How to Do Better)

As the attack surface expands and cyber threats continue to evolve, most organizations make security awareness training a key part of their cybersecurity programs. This is especially true now, with growing evidence that social engineering tactics reap big rewards for bad actors and cataclysmic outcomes for enterprises of every size. To wit, a study has found that 88% of all data breaches involve mistakes by employees.

How to Automate Intune Device Reports with Torq

Whether for managing remote teams, supporting ‘bring your own device’ (BYOD) policies, or simply another layer in a data protection strategy, services like Microsoft Intune offer greater control over the devices on your network. But using the data from these services often requires tedious prep work, and this process is likely repeated multiple times a week, if not daily. Tedious, repetitive, structured: these are all signs that a process can and should be automated.

Outsourcing your SOC

With businesses constantly at risk of cyber threats, leveraging a Security Operations Centre (SOC) is one way for organisations to proactively monitor and manage their threat landscape. Whether it’s in-house or outsourced, a SOC can help companies implement a process-driven security framework that secures business information against the constant threat of a cyber attack.

How Legal Organizations Can Address The Evolving Threat Landscape

Of the many industries attracting threat actor attention, the legal sector is gaining heightened interest from run-of-the-mill cybercriminals and nation-state actors alike. In late February, the State Bar of California disclosed that it experienced a breach allowing access to thousands of case records and case profile data, along with confidential court records.

Critical Authentication Bypass Vulnerability in VMware Products - CVE-2022-22972

On Wednesday, May 18, 2022, VMware published an advisory (VMSA-2022-0014) to address multiple vulnerabilities, including CVE-2022-22972, an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. This vulnerability was assigned a CVSSv3 score of 9.8, making it a critical vulnerability.

Latest Features Enhance Workflow Creation, Add Modern Controls

The consensus on the state of cybersecurity professionals tends to fall somewhere between “burdened by high volumes of responsibility” and “dangerously understaffed and suffering from unhealthy levels of stress,” depending on how optimistic your source is.

Critical Unauthenticated RCE Vulnerability in Zyxel Firewalls - CVE-2022-30525

On Thursday, May 12, 2022, Zyxel released a patch advisory for an unauthenticated remote code execution (RCE) vulnerability in their line of firewall products, tracked as CVE-2022-30525. Exploitation of this vulnerability can allow a threat actor to modify specific files and execute code remotely on a vulnerable appliance. Proof of Concept (PoC) exploit code for this vulnerability has been made publicly available via multiple sources.

Arctic Wolf Leads Cybersecurity Rankings in 2022 CNBC Disruptor 50 List

We are thrilled to announce that Arctic Wolf has made the 2022 CNBC Disruptor 50 list, the company’s tenth annual ranking of the most game-changing private companies using technology to advance their industry. This list identifies fast-growing, innovative start-ups and Arctic Wolf is recognized for its revolutionary role in bringing security operations to organizations of all sizes, leading the few cybersecurity companies included on this year’s list.

PoC Exploit for Active Directory Certificate Services Vulnerability (CVE-2022-26923) Creates Path to Domain Admin

On Tuesday, May 10, 2022, security researcher Oliver Lyak published a PoC exploit for CVE-2022-26923, a privilege escalation vulnerability impacting Active Directory Domain Services with a CVSS score of 8.8 (high severity). The vulnerability allows a threat actor who has already compromised a user account to elevate privileges to Domain Admin if Active Directory Certificate Services is running on the domain. Microsoft patched the vulnerability in May’s Patch Tuesday release.

Cybersecurity 101: Basic Terminology You Need to Know

The constantly changing world of cybersecurity can leave you longing for an understanding of today's modern threats. A solid foundation of cybersecurity terminology is a great first step toward understanding the world of cyber threats and how to help minimize and mitigate risk for your organization. But with more acronyms added every year, it can be a daunting task to keep up. Thankfully, we're here to help.

BIG-IP iControl REST Critical Authentication Bypass Vulnerability - CVE-2022-1388

On Wednesday, May 4, 2022, F5 disclosed a critical-severity vulnerability impacting the iControl REST authentication of BIG-IP systems, tracked as CVE-2022-1388. If successfully exploited, the vulnerability could lead to an authentication bypass, which could allow a threat actor to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffic SDC are not impacted by CVE-2022-1388.

5 Ways Automated Incident Response Reduces Toil

Toil — endless, exhausting work that yields little value in DevOps and site reliability engineering (SRE) — is the scourge of security engineers everywhere. You end up with mountains of toil if you rely on manual effort to maintain cloud security. Your engineers spend a lot of time doing mundane jobs that don’t actually move the needle. Toil is detrimental to team morale because most technicians will become bored if they spend their days repeatedly solving the same problems.

Top Cyber Attacks of April 2022

The attacks came from all corners in the past month, as cybercriminals used administrative access codes, stolen internal data, laser-focused programming tools, and even humble job applications to worm their way into organizations' inner workings. Let's look at some of the strange and sinister innovations that shaped the world of cybercrime this April.

What Is CSPM? A Closer Look at Cloud Security Posture Management

As we previously discussed in the Automating Your Cloud Security Posture Management (CSPM) Response blog post, CSPM is a vital component in any environment leveraging cloud services. Whether you are using a single cloud or are in a multi-cloud scenario, the complexity of these cloud platforms is constantly expanding. Staying on top of new changes in policies and functionality to ensure that you are maintaining a secure environment is daunting - and almost impossible to do without automation. No one has the resources to spend on maintaining a large team of cloud specialists who just audit everything that is in use.