|
By Julian Tuin
On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe vulnerability is CVE-2024-12084, a critical severity heap buffer overflow vulnerability in the Rsync daemon which can lead to out-of-bounds writes in the buffer.
|
By Isa Jones
In the spring of 2024, the FBI warned U.S citizens of a spear phishing campaign by state-sponsored North Korean threat actors.
|
By Julian Tuin
On January 14, 2025, Fortinet published a security advisory for CVE-2024-55591, an authentication bypass using an alternate path or channel vulnerability in FortiOS and FortiProxy. A remote threat actor can craft requests to the Node.js websocket module to gain super-admin privileges.
|
By Julian Tuin
On January 13, 2025, Halcyon released a research blog about the Codefinger group conducting a ransomware campaign targeting Amazon S3 buckets. The attacks leverage AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data. The threat actors then demand ransom payments for the symmetric AES-256 keys required to decrypt it.
|
By Arctic Wolf Labs
In early December, Arctic Wolf Labs began observing a campaign involving suspicious activity on Fortinet FortiGate firewall devices. By gaining access to management interfaces on affected firewalls, threat actors were able to alter firewall configurations. In compromised environments, threat actors were observed extracting credentials using DCSync.
CVE-2025-0282: Critical Zero-Day Remote Code Execution Vulnerability Impacts Several Ivanti Products
|
By Andres Ramos
On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Tracked as CVE-2025-0282, the vulnerability allows remote unauthenticated threat actors to achieve remote code execution (RCE) via a stack-based buffer overflow flaw. Ivanti confirmed that exploitation has only been observed in Connect Secure, and no exploitation has been reported in Policy Secure or ZTA Gateways.
|
By Arctic Wolf
Through a known vulnerability, a threat actor gains access to an organization and begins to alter the network activity, running unusual enumeration commands. Then the threat actor uses stolen credentials to log into various applications within said network. The cybersecurity monitoring solution at work, in this case Arctic Wolf Managed Detection and Response, subsequently picks up an IP address associated with Finland connecting to the network.
|
By Nick Schneider
It’s the holiday season, and as we close out the year, I’ve never been more confident in the people and mission that fuel Arctic Wolf. A year ago, we set a goal to be even bolder in our commitment to define the security operations industry, while maintaining the qualities that make us great: our community, our perseverance, and our willingness to go above and beyond to delight our customers.
|
By Andres Ramos
Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors were observed using Microsoft Quick Assist and Teams to impersonate IT personnel and engage in malicious activities upon contacting victims. This is a continuation of the Black Basta campaign we reported on in a security bulletin sent in June 2024.
|
By Andres Ramos
On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications.
|
By Arctic Wolf
This month we sit down with Debra Sevelius, Vice President of Legal, as she shares the "glamorous side of commercial legal," her love of curling, and much more! As the Head of Commercial Legal at Arctic Wolf, Deb is an experienced, collaborative, globally-minded executive leader, with a proven record in leading legal and cross-functional operational teams that deliver pragmatic win-win outcomes that maximize long term value, achieve process efficiencies, and increase revenue.
|
By Arctic Wolf
In this overview of Arctic Wolf Managed Security Awareness, we take a look at the importance of addressing human risk. Find out how this program uses micro learning sessions to deliver frequent, easy to consume content that builds a strong security culture. Learn more how Arctic Wolf Managed Security Awareness ends human risk by delivering 100% relevant microlearning content.
|
By Arctic Wolf
Using two different use cases, this video demonstrates how the My Assets page helps Arctic Wolf Managed Risk customers assess assets, identify risks, prioritize mitigations, and work towards ending cyber risk.
|
By Arctic Wolf
This demo provides an overview of the Managed Security Awareness dashboard statistics, as well as the on-demand reporting capabilities and historical data for this comprehensive program. Learn more about Arctic Wolf's Managed Security Awareness.
|
By Arctic Wolf
In this edition of Always Ahead, Arctic Wolf Chief Product and Services Officer Daniel Schiappa shares his predictions for the cybersecurity industry in 2025.
|
By Arctic Wolf
The Arctic Wolf analyst team is known for their 24x7 monitoring and concierge level service. In this video we'll explore a few of the response actions the SOC team has at their disposal to take action and mitigate impact during a cyber security incident.
|
By Arctic Wolf
Built on the Arctic Wolf Security Operations Cloud and Concierge Delivery Model, Arctic Wolf serves over 7,000 customers worldwide, helping organizations of all sizes and industries end cyber risk.
|
By Arctic Wolf
This video demonstrates how Arctic Wolf Threat Intelligence enables customers to defend against new and emerging threats through engaging content, actionable intelligence, and IoC quicklinks.
|
By Arctic Wolf
In this demo, we will see how Arctic Wolf's unified portal reflects the status of Security Focuses and the availability of Security Reviews to help customers monitor and plan the advancement of their security journey.
|
By Arctic Wolf
This month we sit down with Jeff Green, Senior Vice President of R&D, as he shares his experience helping open our brand-new India office, leadership advice he swears by, and more! Jeff is an industry veteran with over 30 years of experience in building world-class products and technologies for enterprises and consumers primarily focused in security. Currently as Senior Vice President of R&D, Jeff leads Arctic Wolf’s global research and engineering organization with a focus on delivering security outcomes for customers and ending cyber risk at high scale.
|
By Arctic Wolf
Financial institutions, particularly regional banks and credit unions, are facing challenges both in terms of safeguarding data of their customers and meeting data security compliance standards. Information technology (IT) teams in these institutions are stretched thin. They struggle with needing to meet compliance obligations while simultaneously combatting cyberthreats.
|
By Arctic Wolf
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule focuses on the safeguarding of electronic protected health information (ePHI) through the implementation of administrative, physical, and technical safeguards.
|
By Arctic Wolf
Security information and event management (SIEM), security orchestration, automation, and response (SOAR), and the newer extended detection and response (XDR) solutions have become the top choices for organizations wanting a unified view of activity within their IT environments. By combining relevant data into single consoles, XDR, SIEM and SOAR technologies minimize the time analysts spend moving between platforms and make it easier to correlate the data and develop subsequent steps appropriately.
- January 2025 (11)
- December 2024 (17)
- November 2024 (11)
- October 2024 (14)
- September 2024 (22)
- August 2024 (14)
- July 2024 (23)
- June 2024 (22)
- May 2024 (15)
- April 2024 (19)
- March 2024 (12)
- February 2024 (20)
- January 2024 (18)
- December 2023 (15)
- November 2023 (15)
- October 2023 (13)
- September 2023 (14)
- August 2023 (18)
- July 2023 (24)
- June 2023 (19)
- May 2023 (17)
- April 2023 (17)
- March 2023 (22)
- February 2023 (23)
- January 2023 (14)
- December 2022 (19)
- November 2022 (16)
- October 2022 (23)
- September 2022 (22)
- August 2022 (14)
- July 2022 (9)
- June 2022 (11)
- May 2022 (12)
- April 2022 (17)
- March 2022 (13)
- February 2022 (9)
- January 2022 (10)
- December 2021 (13)
- November 2021 (16)
- October 2021 (6)
- September 2021 (8)
- May 2021 (2)
- November 2020 (2)
- August 2020 (1)
- November 2019 (1)
- August 2019 (1)
- March 2017 (2)
Cybersecurity is a field that requires 24x7 vigilance and constant adaptation. Arctic Wolf’s cloud native platform and Concierge Security® Team delivers uniquely effective solutions.
The cybersecurity industry has an effectiveness problem. New technologies, vendors, and solutions emerge every year—yet, we still see headlines filled with high-profile breaches. Many attacks occur – not because a product failed to raise an alert – they fail because the alert was missed or was not actioned on. To prevent these attacks, the industry needs to adopt a new approach by focusing on security operations. That’s where Arctic Wolf can help.
Arctic Wolf® Platform
Spanning thousands of installations, the Arctic Wolf® Platform processes over 200 billion security events daily. The platform collects and enriches endpoint, network, and cloud telemetry, and then analyzes it with multiple detection engines. Machine learning and custom detection rules then deliver personalized protection for your organization.
While other products have limited visibility, the vendor-neutral Arctic Wolf® Platform enables broad visibility and works seamlessly with existing technology stacks, making it easy to adopt while eliminating blind spots and vendor lock-in.
Concierge Security® Team
Arctic Wolf invented the concept of Concierge Security®. With this delivery model, we pair a team of our security operations experts directly with your IT or security staff. Your Concierge Security® Team gives you 24×7 eyes-on-glass coverage. We work with your team on an ongoing basis to learn your security needs so that they can tune solutions for maximum effectiveness and ensure that your security posture gets stronger over time.
The Concierge Security® Team combines deep security operations expertise with an understanding of your environment to deliver better outcomes. We take on tactical actions like threat hunting and alert prioritization, and strategic tasks like security posture reviews and risk management.