Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Types of Security Scans Every Organization Should Be Using

In 2023, nearly 60% of incidents investigated by Arctic Wolf Incident Response involved a vulnerability that was two — or more — years old. That means the organization had 24-plus months to find and remediate the vulnerability before threat actors took advantage. Why do vulnerabilities remain persistent? There’s a number of reasons, not the least of which is that more of them pop up each day, creating a mountain of vulnerabilities that feels too difficult to summit for most businesses.

How Manufacturing Organizations Can Increase Their Cybersecurity

When Clorox was hit with a ransomware attack in 2023, the impact went beyond just the infected endpoints. Threat actors succeeded in taking many of the organization’s automated systems offline and impacted large retailers’ ability to order products from the manufacturer. There was significant operational downtime as it took Clorox over a month to contain the breach, and the resulting financial loss was in the tens of millions.

CVE-2024-29847: Ivanti Addresses Maximum Severity RCE Vulnerability in Endpoint Manager

On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal of specific EPM versions, allows Remote Code Execution (RCE) by an unauthenticated attacker due to improper deserialization of untrusted data.

Understanding the Schools and Libraries Cybersecurity Pilot Program

Schools and libraries often lack the funding and staffing needed to build and maintain a robust cybersecurity program. They are also the exact kind of organizations threat actors prefer— under defended and a storehouse of personally identifiable information (PII). Considering that, in 2024, education was the second-most represented industry in ransomware attacks, and third-most in business email compromise (BEC) attacks, it’s clear that protection is paramount.

Critical Vulnerabilities Patched in Veeam Products

On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five of these vulnerabilities, which are classified as critical. Arctic Wolf has not observed any exploitation of these vulnerabilities in the wild and has not identified any publicly available proof of concept (PoC) exploit code.

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of disclosure, active exploitation was not known and no proof-of-concept exploit was publicly available. As of September 6, 2024, however, the security advisory has been updated with additional details, indicating that the vulnerability is potentially being actively exploited.

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.

How a Security Operations Approach Can Prevent Man-in-the-Middle Attacks

Here’s an endpoint you don’t often think about: your car. But if it’s Wi-Fi enabled, as many new models are, that means it resides at the end point of a network connection and can communicate on that network, making it an endpoint.