Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Understanding the Lines Between EDR, NDR, TDR, XDR, and MDR

The world of cybersecurity doesn’t lack for acronyms. Whether it’s protocols and standards or tools and technology, the market is dominated by an endless array of capital letters. In recent years, as both technology and threat actors have evolved, more and more platforms are branding themselves with “D’s” and “R’s” for “detection and response.”

CVE-2023-41727, CVE-2023-46220, CVE-2023-46261, and More: Multiple Critical Vulnerabilities Patched in Ivanti Avalanche

On December 20, 2023, Ivanti announced that 20 vulnerabilities in Ivanti Avalanche On-Prem were patched in the product’s latest update. Arctic Wolf has highlighted 13 of these vulnerabilities in this bulletin that were rated as critical severity and could lead to remote code execution (RCE) or Denial of Service (DoS).

Should Your Organization Rely on XDR For Cybersecurity?

The cybersecurity industry is always evolving. Whether new solutions arrive because of advances in technology, emerging threats, or changing security needs, every few years a new platform — and often acronym — joins the market. Extended detection and response (XDR) is one of those solutions that has gained momentum from buyers and taken over many security conversations in recent years.

Why You Need Incident Response as Part of Your Cybersecurity Strategy

With cyber attack frequency hitting new highs, the continued evolution of threat actor tactics, techniques and procedures (TTPs), and the rapid digitization of organizations across industries, it’s become common to say that it’s not a matter of if, but when you’ll experience a cyber incident.

CVE-2023-50164: Public PoC Leveraged to Exploit Critical RCE Vulnerability in Apache Struts

On December 13, 2023, threat actors began exploitation attempts against CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability impacting Apache Struts, an open-source framework used to create Java Web applications. Based on current intelligence, the threat actors are leveraging a publicly published proof of concept (PoC) exploit.

CVE-2023-36553: Critical OS Command Injection Vulnerability in FortiSIEM

On November 14, 2023, FortiGuard published an advisory disclosing that a critical command injection vulnerability (CVE-2023-36553) had been patched in the latest updates for FortiSIEM. The vulnerability was rated with a Common Vulnerability Scoring System (CVSS) score of 9.3, as it can be exploited remotely by an unauthenticated threat actor using crafted API requests to execute unauthorized commands. This vulnerability is caused by improper neutralization of special elements in FortiSIEM report server.

CVE-2023-22523, CVE-2022-1471, CVE-2023-22524, and CVE-2023-22522: Four Critical RCE Vulnerabilities Impacting Multiple Atlassian Products

On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities.

CVE-2023-49103, CVE-2023-49104, and CVE-2023-49105: Multiple Critical Vulnerabilities in ownCloud

On November 21, 2023, ownCloud published advisories on three security vulnerabilities. The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103 (CVSS: 10). The vulnerability is within the “graphapi” extension and is due to a library it relies on. The library provides a URL that when accessed discloses configuration details regarding the PHP environment including environment variables.

CVE-2023-41998, CVE-2023-41999, and CVE-2023-42000: Multiple Arcserve UDP Vulnerabilities Patched

On November 23, 2023, Arcserve released Arcserve Unified Data Protection (UDP) 9.2 to address three vulnerabilities, including a critical-severity remote code execution (RCE) vulnerability. Subsequently on November 27, 2023, Tenable published public Proof of Concepts (PoCs) for these vulnerabilities, as they were the ones who initially disclosed these vulnerabilities to Arcserve back in August 2023.

CMMC Certification: What It Is, What the Requirements Are, and What's Changed With 2.0

America’s cybersecurity experts are bracing for a fresh wave of attack s as the 2024 Presidential election approaches. With nation-states and threat actors launching cyber attacks with increasing regularity and success, and with critical infrastructure and nothing less than the sanctity of our democracy at stake, the U.S. Department of Defense (DoD) continues to tighten the security4 controls not just within its own agency but with all third-party contractors with whom it does business.