|
By Arctic Wolf
When security information and event management (SIEM) tools came to the market over a decade ago, many practitioners considered the combination of information management and event management groundbreaking. Since then, the technology has gone through iterations to improve and enhance its capabilities, including the incorporation of user and entity behavior analytics (UEBA), machine learning and AI capabilities, and “out-of-the-box” configurations for smaller organizations to rely on.
|
By Steven Campbell
On Tuesday, December 5, 2023, Atlassian published fixes for four critical-severity remote code execution (RCE) vulnerabilities impacting a variety of Atlassian products, including Atlassian Confluence Server and Data Center. The vulnerabilities were discovered by Atlassian as part of a security review and have not been actively exploited by threat actors. Additionally, we have not observed a public proof of concept (PoC) exploit published for any of the vulnerabilities.
|
By Steven Campbell
On November 21, 2023, ownCloud published advisories on three security vulnerabilities. The most severe of these vulnerabilities is an information disclosure vulnerability tracked as CVE-2023-49103 (CVSS: 10). The vulnerability is within the “graphapi” extension and is due to a library it relies on. The library provides a URL that when accessed discloses configuration details regarding the PHP environment including environment variables.
|
By Andres Ramos
On November 23, 2023, Arcserve released Arcserve Unified Data Protection (UDP) 9.2 to address three vulnerabilities, including a critical-severity remote code execution (RCE) vulnerability. Subsequently on November 27, 2023, Tenable published public Proof of Concepts (PoCs) for these vulnerabilities, as they were the ones who initially disclosed these vulnerabilities to Arcserve back in August 2023.
|
By Philip Rosen
America’s cybersecurity experts are bracing for a fresh wave of attack s as the 2024 Presidential election approaches. With nation-states and threat actors launching cyber attacks with increasing regularity and success, and with critical infrastructure and nothing less than the sanctity of our democracy at stake, the U.S. Department of Defense (DoD) continues to tighten the security4 controls not just within its own agency but with all third-party contractors with whom it does business.
|
By Arctic Wolf
Back in 2013, Gartner’s Anton Chuvakin set out to name a new set of security solutions to detect suspicious activity on endpoints. After what he called “a long agonizing process that involved plenty of conversations with vendors, enterprises, and other analysts” Chuvakin came up with this phrase: endpoint threat detection and response. Since then, this moniker has been shortened to endpoint detection and response or EDR. But as the name got smaller, the market got bigger.
|
By James Liolios
Arctic Wolf has recently worked multiple incident response cases where we have observed ransomware groups exploiting CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365 to gain initial access. On August 29, 2023, Qlik published a support article detailing two vulnerabilities which when successfully exploited in tandem could lead to an unauthenticated threat actor achieving remote code execution (RCE). CVE-2023-41266.
Arctic Wolf Labs has observed a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform.[1] Based on available evidence, we assess that all vulnerabilities exploited were previously identified by researchers from Praetorian [2,3]. For more information on these vulnerabilities, see the advisories published by Qlik (CVE-2023-41266, CVE-2023-41265, and CVE-2023-48365) as well as our Security Bulletin.
|
By James Liolios
On August 10, 2023, CrushFTP released an advisory regarding a vulnerability affecting versions of CrushFTP lower than 10.5.1. Since then, the vulnerability has been tracked as CVE-2023-43177 and the security researchers at Converge published a blog sharing their findings on November 16. CVE-2023-43177 is a mass assignment vulnerability related to how CrushFTP parses request headers for the AS2 protocol. Successful exploitation could lead to unauthenticated, remote code execution (RCE).
|
By Steven Campbell
Beginning on at least October 20, 2023, a North Korea-linked threat actor, tracked as Diamond Sleet by Microsoft, leveraged a modified CyberLink installer to compromise victim assets. CyberLink Corp. is a Taiwan-based multimedia software company that develops media editing and recording software.
|
By Arctic Wolf
Arctic Wolf understands that the holiday season is a stressful time. Our Chief Product Officer Dan Schiappa explains in this episode of Always Ahead why the holiday season is also a lucrative time for threat actors, who are looking to target organizations who may have let their guard down as they celebrate, and what organizations need to know to stay protected.
|
By Arctic Wolf
Arctic Wolf is committed to expanding our security operations across the world to provide the best performance for customers, no matter where they are. Our Chief Product Officer Dan Schiappa explains why establishing a local presence with our customers enhances our mission to End Cyber Risk.
|
By Arctic Wolf
In this episode, our hosts sit down with Clare Loveridge, Vice President and General Manager, EMEA, at Arctic Wolf. Clare is an internationally focused global leader with more than 20 years experience in sales and channel leadership roles at companies like data domain and Nimble Storage where she's grown businesses across EMEA. Clare was the first person hired in the EMEA region at Arctic Wolf to start the region almost 3 years ago.
|
By Arctic Wolf
In this episode, our hosts sit down with Dan Schiappa, Chief Product Officer at Arctic Wolf. Dan is responsible for driving innovation across product, engineering, alliances, and business development teams to help meet demand for security operations through Arctic Wolf’s growing customer base—especially in the enterprise sector.
|
By Arctic Wolf
In this episode, our hosts sit down with Adam Marrè, Chief Information Security Officer at Arctic Wolf. Prior to joining Arctic Wolf, Adam was the Global Head of Information Security Operations and Physical Security at Qualtrics. With deep roots in the cybersecurity space, Adam spent almost 12 years with the FBI, holding positions like SWAT Senior Team Leader and Special Agent. In this episode, Adam gives us a peak into the life of a CISO, what keeps him up at night, how he manages stress, and what he believes is foundational to leadership.
|
By Arctic Wolf
In the first Howler podcast episode, our hosts sit down with Brian NeSmith, Co-Founder and Executive Chairman of Arctic Wolf. Brian NeSmith is an internationally recognized business leader, bringing more than 30 years of cybersecurity leadership, including extensive experience driving revenue growth and scaling organizations globally. Before founding Arctic Wolf, he served as CEO of Blue Coat Systems, and prior to Blue Coat, CEO of Ipsilon Networks (acquired by Nokia), which became the leading appliance platform for Check Point firewalls.
|
By Arctic Wolf
Arctic Wolf was named as the Customers’ Choice for North America in the July 2023 Gartner® Peer Insights™ ‘ Voice of the Customer: Managed Detection and Response Services’ . Our Chief Product Officer Dan Schiappa explains how we continue to differentiate our approach to MDR with a full-service cloud-native platform that is praised by organizations worldwide for its efficacy, efficiency, and scale as attack vectors widen and existing endpoint solutions alone fail to protect organizations.
|
By Arctic Wolf
Our Chief Product Officer Dan Schiappa explains the differentiated approach Arctic Wolf takes to Managed Security Awareness®, making security education as simple and effective as possible for our customers. With Hollywood-quality production and entertaining material, Arctic Wolf's approach to micro-learning is both fast and fun.
|
By Arctic Wolf
Arctic Wolf Vice President of Product Marketing, Matthew Trushinski, and Patty Ryan, CISO, QuidelOrtho, join CyberScoop to discuss the benefits of preparing proactively for cyber threats. Trushinski discusses how having a very clear incident readiness plan is crucial to any organization.
|
By Arctic Wolf
Two major players in hospitality and gaming, MGM and Caesars, were victims of two, separate cyber attacks. While the details are still unknown, what is known is that Caesars paid the hackers a multi-million dollar ransom, and that both attacks began with social engineering.
|
By Arctic Wolf
Security information and event management (SIEM), security orchestration, automation, and response (SOAR), and the newer extended detection and response (XDR) solutions have become the top choices for organizations wanting a unified view of activity within their IT environments. By combining relevant data into single consoles, XDR, SIEM and SOAR technologies minimize the time analysts spend moving between platforms and make it easier to correlate the data and develop subsequent steps appropriately.
|
By Arctic Wolf
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule focuses on the safeguarding of electronic protected health information (ePHI) through the implementation of administrative, physical, and technical safeguards.
|
By Arctic Wolf
Financial institutions, particularly regional banks and credit unions, are facing challenges both in terms of safeguarding data of their customers and meeting data security compliance standards. Information technology (IT) teams in these institutions are stretched thin. They struggle with needing to meet compliance obligations while simultaneously combatting cyberthreats.
- December 2023 (8)
- November 2023 (19)
- October 2023 (15)
- September 2023 (17)
- August 2023 (21)
- July 2023 (26)
- June 2023 (21)
- May 2023 (21)
- April 2023 (18)
- March 2023 (24)
- February 2023 (25)
- January 2023 (14)
- December 2022 (21)
- November 2022 (18)
- October 2022 (23)
- September 2022 (23)
- August 2022 (16)
- July 2022 (9)
- June 2022 (11)
- May 2022 (12)
- April 2022 (17)
- March 2022 (13)
- February 2022 (9)
- January 2022 (10)
- December 2021 (14)
- November 2021 (16)
- October 2021 (6)
- September 2021 (8)
- May 2021 (2)
- November 2020 (2)
- August 2020 (1)
- November 2019 (1)
- August 2019 (1)
- March 2017 (2)
Cybersecurity is a field that requires 24x7 vigilance and constant adaptation. Arctic Wolf’s cloud native platform and Concierge Security® Team delivers uniquely effective solutions.
The cybersecurity industry has an effectiveness problem. New technologies, vendors, and solutions emerge every year—yet, we still see headlines filled with high-profile breaches. Many attacks occur – not because a product failed to raise an alert – they fail because the alert was missed or was not actioned on. To prevent these attacks, the industry needs to adopt a new approach by focusing on security operations. That’s where Arctic Wolf can help.
Arctic Wolf® Platform
Spanning thousands of installations, the Arctic Wolf® Platform processes over 200 billion security events daily. The platform collects and enriches endpoint, network, and cloud telemetry, and then analyzes it with multiple detection engines. Machine learning and custom detection rules then deliver personalized protection for your organization.
While other products have limited visibility, the vendor-neutral Arctic Wolf® Platform enables broad visibility and works seamlessly with existing technology stacks, making it easy to adopt while eliminating blind spots and vendor lock-in.
Concierge Security® Team
Arctic Wolf invented the concept of Concierge Security®. With this delivery model, we pair a team of our security operations experts directly with your IT or security staff. Your Concierge Security® Team gives you 24×7 eyes-on-glass coverage. We work with your team on an ongoing basis to learn your security needs so that they can tune solutions for maximum effectiveness and ensure that your security posture gets stronger over time.
The Concierge Security® Team combines deep security operations expertise with an understanding of your environment to deliver better outcomes. We take on tactical actions like threat hunting and alert prioritization, and strategic tasks like security posture reviews and risk management.