Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Breaking down BEC: Why Business Email Compromise is More Popular Than Ever

Cybersecurity moves fast, and the latest threats to reach organizations worldwide are being built on the back of artificial intelligence (AI) models that spit out accurate code, realistic messages, and lifelike audio and video designed to fool people. But as headline-grabbing as AI-based attacks appear to be, they aren’t driving the most breaches globally. That would be BEC attacks, in which attackers leverage stolen access to a business email account to create a scam that results in financial gain.

CVE-2024-5805 & CVE-2024-5806: Authentication Bypass Vulnerabilities in Progress MOVEit Transfer and MOVEit Gateway

On June 25, 2024, Progress disclosed two vulnerabilities affecting MOVEit Transfer and MOVEit Gateway: CVE-2024-5805: A critical severity authentication bypass vulnerability affecting MOVEit Gateway (SFTP module). MOVEit Gateway is a proxy for MOVEit Transfer, designed to securely handle inbound connections when deployed behind a firewall.

CVE-2024-37079 & CVE-2024-37080: Critical Heap-overflow Remote Code Execution Vulnerabilities in VMware vCenter Server and Cloud Foundation

On June 17, 2024, VMware disclosed two critical vulnerabilities (CVE-2024-37079 & CVE-2024-37080) affecting vCenter Server and Cloud Foundation. These vulnerabilities stem from a heap-overflow issue in the implementation of the DCERPC protocol which can be exploited by remote threat actors. By sending specially crafted network packets, threat actors could exploit CVE-2024-37079 and CVE-2024-37080 to achieve Remote Code Execution (RCE) on both vCenter Server and Cloud Foundation systems.

CDK Global Cyber Incident Affects Automotive Dealers Across the US

On June 19, 2024, CDK Global notified customers that a cyber incident had led to a shutdown of its systems, significantly impacting car dealerships across the United States. CDK Global serves nearly 15,000 dealership locations, and the incident caused substantial disruption, forcing car dealerships to halt operations and revert to manual processes. Dealerships were initially notified about the incident around 2AM Eastern time on June 19, 2024, with an update at 8AM confirming the incident.

How to Solve the 5 Biggest Security Awareness Training Challenges

Positive security outcomes don’t happen by chance — they result from a culture in which security is ingrained and embodied within and by everyone, from the executives through the employees. This fact has led to an overdue shift in organizational thinking, with recent research revealing that 88% of global organizations currently use some form of security awareness program, with another 10% in the process of adopting such a program within the next 12 months.

How To Defend Against the Rise of BEC Attacks

In 2023, the FBI’s Internet Crime Complaint Center (IC3) received 21,489 BEC complaints with adjusted losses over $2.9 billion USD, according to their 2023 Internet Crime Report. By way of comparison, ransomware, the cyber attack that grabs all the headlines and keeps IT and security teams up at night, accounted for only 2,825 complaints, with adjusted losses of less than $60 million USD.

Black Basta Ransomware Group Affiliates Leveraging Windows Quick Assist for Initial Access

Since April 2024, Arctic Wolf has been tracking an ongoing campaign by Black Basta ransomware group affiliates leveraging Microsoft’s Quick Assist for initial access. The Black Basta affiliates have been conducting vishing (voice phishing) attacks by impersonating IT or help desk personnel, claiming they need to fix an issue on the victim’s device. In other instances, the threat actors leverage an email bomb attack to flood the victim’s mailbox with emails from subscription services.

Understanding the Risks of Remote Monitoring and Management Tools

On February 19, 2024, ConnectWise published a security bulletin detailing two critical vulnerabilities within their on-premises ScreenConnect software, stating that the vulnerabilities have the potential to result in remote code execution (RCE). ScreenConnect is a widely utilized Remote Monitoring and Management (RMM) tool that has been leveraged by threat actors in the past, often in connection with ransomware attacks.

8 Steps to Navigating Cybersecurity Data Compliance

Cybersecurity compliance is complicated. As industry standards change and evolve with new technology, so do compliance requirements. Depending on your organization’s operations, industry, or even location, compliance could mean adhering to multiple frameworks and reporting to multiple governing bodies. In fact, 67% of organizations surveyed by Arctic Wolf follow between one to three sets of guidelines.