Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2023

Arctic Wolf

Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks: CVE-2023-34039

Aug 31, 2023 By Steven Campbell In Arctic Wolf
On Tuesday, August 29, 2023, VMware disclosed a critical authentication bypass vulnerability (CVE-2023-34039) in VMware Aria Operations for Networks–formerly known as vRealize Network Insight–that could result in a threat actor gaining access to the Aria Operations for Networks CLI by bypassing SSH authentication. The vulnerability was responsibly disclosed to VMware and has not been actively exploited in campaigns.
Read Post
Arctic Wolf

Ongoing Ransomware Campaign Against Cisco ASA VPN Appliances

Aug 31, 2023 By James Liolios In Arctic Wolf
Arctic Wolf has been tracking multiple intrusions where Cisco VPN account credentials were harnessed by Akira ransomware for initial access. In a recent Cisco PSIRT advisory, Cisco stated they were aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations. Our case data supports the observation that affected accounts did not have MFA enabled.
Read Post
Arctic Wolf

1H 2023 Ransomware Landscape Overview

Aug 30, 2023 By Arctic Wolf In Arctic Wolf
Threat actor groups maintain dark web shame sites to negotiate ransoms with their victims, name them, and leak their data as punishment for not paying. These sites serve as a major tool for threatening victims and securing ransom payments but are not a precise record of global cyber attacks. However, there’s a lot to learn from the dark web behavior observed in the first half of this year to help contextualize the current threat landscape.
Read Post

Arctic Wolf Cybersecurity Awareness Month: House of 1000 Breaches Trailer

Aug 29, 2023 By Arctic Wolf In Arctic Wolf
This October, Arctic Wolf Managed Security Awareness in conjunction with Cybersecurity Awareness Month presents “House of 1000 Breaches”, the cybersecurity anthology raising goosebumps and social engineering awareness of all who dare to watch. Available to Arctic Wolf Managed Security Awareness subscribers, and on the Arctic Wolf YouTube Channel. Learn more about Security Awareness and how it can prepare your employees to recognize and neutralize social engineering attacks and human error.
View Video

The Hacker and The Fed: Combatting Cybercrime from the Inside

Aug 28, 2023 By Arctic Wolf In Arctic Wolf
You’ve heard of Anonymous. This is one of the most talked about and dangerous cybercriminal organizations in the world. Join this session to understand the perspective and experience of former Anonymous Black Hat Hacker, Hector Monsegur, and the former FBI agent who infiltrated Anonymous, Chris Tarbell.
View Video
Arctic Wolf

5 Ways to Avoid Falling for Phishing Attacks

Aug 24, 2023 By Nathan Caldwell In Arctic Wolf
There’s a sentiment that has, unfortunately, taken hold in the field of cybersecurity: Users are the weakest part of your environment. You can see why some may try to paint that picture. The statistics would seem to back it up: However, there’s a deeper truth hiding behind these statistics: It’s not the employees who are the weakest part of your security environment, it’s the training they receive.
Read Post

The Pretext: Insider Threats

Aug 24, 2023 By Arctic Wolf In Arctic Wolf
Cybercriminals are looking for a few good... actually, bad... insiders. Malicious insiders enact revenge for termination or line their pockets with ill-gotten funds through partnership with threat actors, giving up their credentials, stealing data, or agreeing to install malware on their organization's environment. How to prevent them? Watch this session from Arctic Wolf® Managed Security Awareness!
View Video
Arctic Wolf

CVE-2023-38035: Critical Authentication Bypass Vulnerability in Ivanti Sentry

Aug 23, 2023 By Andres Ramos In Arctic Wolf
On August 21, 2023, Ivanti published a knowledge base article on a critical authentication bypass vulnerability impacting Ivanti Sentry (CVE-2023-38035). For this vulnerability to be exploited, the System Management Portal which is hosted on port 8443 by default must be exposed to the internet. Successful exploitation of this vulnerability could lead to a remote unauthenticated threat actor making configuration changes to the server and the underlying Operating System (OS) as root.
Read Post
Arctic Wolf

CVE-2023-32560: Critical Remote Code Execution Vulnerabilities in Ivanti Avalanche

Aug 21, 2023 By James Liolios In Arctic Wolf
On August 14th, 2023, cybersecurity company Tenable released a research advisory detailing two stack-based buffer overflow vulnerabilities, collectively tracked as CVE-2023-32560, impacting Ivanti Avalanche products version 6.4.0 and older. A threat actor could remotely exploit the vulnerabilities without user authentication by specifying long data type items to overflow the buffer.
Read Post
Arctic Wolf

Multiple Junos OS Vulnerabilities Could lead to Unauthenticated Remote Code Execution

Aug 18, 2023 By Steven Campbell In Arctic Wolf
On August 17th, 2023, Juniper Networks released out-of-band fixes for multiple vulnerabilities that could be chained together to achieve unauthenticated remote code execution (RCE) on SRX and EX series devices. The vulnerabilities impact the J-Web component of Junos OS, the operating system running on the devices.
Read Post

Consent Phishing Mystery

Aug 17, 2023 By Arctic Wolf In Arctic Wolf
Janice was notified of an unauthorized $10,000 transfer from her account. Which of her co-workers is behind this nefarious attack? And how did they gain access to her personal data? Find out in this silent mystery. Learn more about Security Awareness and how it can prepare your employees to recognize and neutralize social engineering attacks and human error.
View Video
Arctic Wolf

How Humans Cause and Can Prevent Data Breaches

Aug 17, 2023 By Arctic Wolf In Arctic Wolf
When it comes to analyzing your attack surface, you’re probably assessing vulnerabilities, monitoring your firewall, tracking email security, and managing your identity and access management. But there is one part of the attack surface that often gets overlooked, and for that reason threat actors are targeting it with increased frequency, causing it to jump to the top of the initial access methods list: the human element.
Read Post
Arctic Wolf

The Value of SOC-as-a-Service

Aug 15, 2023 By Arctic Wolf In Arctic Wolf
Today’s cybersecurity landscape can be challenging. Cyber attacks are rising every year (50% of organizations suffered a breach in 2022), the skills gap continues to widen, and hackers are taking advantage of new techniques and new criminal networks like ransomware-as-a-service to launch sophisticated attacks. For organizations, it’s become harder to stay secure. The internal security operations center (SOC) isn’t feasible for many.
Read Post
Arctic Wolf

CVE-2023-39143: Critical Remote Code Execution Vulnerability in PaperCut Print Management Server

Aug 14, 2023 By Andres Ramos In Arctic Wolf
On August 4, 2023, security researchers published a blog detailing a critical remote code (RCE) vulnerability in PaperCut NG/MF print management servers (CVE-2023-39143: CVSS 8.4). CVE-2023-39143 could allow unauthenticated threat actors to read, delete, and upload arbitrary files on compromised systems, which results in RCE. Additionally, this vulnerability does not require user interaction.
Read Post
Arctic Wolf

How To Prevent MFA Fatigue Attacks

Aug 10, 2023 By Sule Tatar In Arctic Wolf
As organizations continue to digitize and passwords proliferate across systems, applications, and even assets, identity and access management (IAM) has become a pillar of cybersecurity. One component of IAM has, in particular, become ubiquitous with access security: multi-factor authentication (MFA). MFA is an access control technique that adds a layer of security to user logins and access by making the user verify their identity.
Read Post
Arctic Wolf

The Value of Security Awareness Training For Your Organization

Aug 8, 2023 By Nathan Caldwell In Arctic Wolf
As organizations across the globe grapple with the growing issue of cyber attacks — 2023 cybercrime costs are expected to hit $8 trillion — organizations are realizing that more than technical tools are needed to stay ahead of mounting threats. Even one mistake by an untrained employee can have serious consequences and result in a data breach.
Read Post
Arctic Wolf

The Top Cyber Attacks of July 2023

Aug 4, 2023 By Arctic Wolf In Arctic Wolf
July was one of the hottest months in recent memory, and cybercriminals did their part to keep the heat cranked up for organizations around the globe. As organizations continued sorting through the wreckage of the massive MoveIT incident, new and ongoing threats continued to arrive from every corner. July’s notable breaches include attacks on healthcare providers, emergency services, government agencies, and free speech.
Read Post
Arctic Wolf

The Top 3 Cyber Attack Vectors

Aug 3, 2023 By Arctic Wolf In Arctic Wolf
It’s no surprise that cyber attacks are on the rise. The sheer volume of attacks — along with the increase in ransomware, business email compromise, and other kinds of attacks — has steadily ticked up year after year. Cybercrime is now the number one global business risk, rakes in trillions for cybercriminals, and has advanced far beyond simple “scam emails” and brute-force attacks.
Read Post
Arctic Wolf

Understanding The Impact of the SEC's New Cybersecurity Disclosure Rules

Aug 1, 2023 By Arctic Wolf In Arctic Wolf
With the constant threat of cyber attacks against corporations of all sizes, last week the U.S. Securities and Exchange Commission (SEC) introduced new cybersecurity disclosure rules to ensure greater transparency and accountability for publicly traded companies.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.