Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

Arctic Wolf

Understanding Tactics, Techniques, and Procedures

Jan 31, 2024 By Arctic Wolf In Arctic Wolf
Microsoft PowerShell is a ubiquitous piece of software. It’s also, unfortunately, a major attack vector for threat actors. Once a threat actor has initial access into a network, they can utilize the commands and scripts components of PowerShell to conduct reconnaissance or inject fileless malware into the network. This activity is so common it’s continually listed as one of the top tactics, techniques, and procedures (TTPs).
Read Post
Arctic Wolf

CVE-2024-0204: Critical Authentication Bypass in Fortra's GoAnywhere MFT

Jan 30, 2024 By Stefan Hostetler In Arctic Wolf
On January 22, 2024, Fortra publicly disclosed a critical vulnerability, CVE-2024-0204, in their GoAnywhere MFT product. This vulnerability, which was responsibly disclosed to Fortra by Spark Engineering Consultants, had been patched on December 7, 2023. CVE-2024-0204 is a severe authentication bypass vulnerability with a CVSS score of 9.8.
Read Post
Arctic Wolf

Understanding Indicators of Compromise and Their Role in Cybersecurity

Jan 29, 2024 By Arctic Wolf In Arctic Wolf
Through a known vulnerability, a threat actor gains access to an organization, and begins to alter the network activity, running unusual enumeration commands. Then, to make a lateral move, the threat actor uses stolen credentials to log into various applications within said network. The cybersecurity monitoring solution at work, in this case Arctic Wolf® Managed Detection and Response, then picks up an IP address associated with Finland connecting to the network.
Read Post
Arctic Wolf

Why Credit Unions Need to Improve Their Cybersecurity

Jan 26, 2024 By Arctic Wolf In Arctic Wolf
Where there is money, there are cybercriminals trying to take it. This is especially true for credit unions, which deal with both financial information and the personal identifying information (PII) of every member and connected institution. They are a digital vault of data and dollars and threat actors are all too ready to crack the safe.
Read Post

Minnesota Vikings and Arctic Wolf Create a Strong Defense

Jan 25, 2024 By Arctic Wolf In Arctic Wolf
As the trusted security operations partner of the Minnesota Vikings, Arctic Wolf provides visibility, insights, and response to a myriad of cyber threats unique to the NFL team’s complex environment. Since the beginning of the partnership two years ago, Vice President of Information Technology Cheryl Nygaard has seen improvements in the organization’s security posture and feels confident about their cyber future.
View Video
Arctic Wolf

13 Types of Malware Attacks - and How You Can Defend Against Them

Jan 23, 2024 By Arctic Wolf In Arctic Wolf
If a malware attack is successful, it can result in lost revenue, unexpected down time, stolen data, and more costly consequences. With over 450,000 new malicious programs registered each day by independent IT security institute AV-Test, malware may be the biggest threat to your organization. There are many different types of malware and attackers are continually innovating more complex, harder-to-detect versions. Now is the time to take proactive steps to protect your organization.
Read Post
Arctic Wolf

CherryLoader: A New Go-based Loader Discovered in Recent Intrusions

Jan 23, 2024 By Hady Azzam, Christopher Prest, and Steven Campbell In Arctic Wolf
Arctic Wolf Labs has been tracking two recent intrusions where threat actors leveraged a new Go-based malware downloader we are calling “CherryLoader” that allowed them to swap exploits without recompiling code. The loader’s icon and name masqueraded as the legitimate CherryTree note taking application to trick the victims.
Read Post
Arctic Wolf

CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

Jan 22, 2024 By Andres Ramos In Arctic Wolf
On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler Gateway.
Read Post
Arctic Wolf

CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

Jan 22, 2024 By Steven Campbell In Arctic Wolf
On January 10, 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices. The vulnerability was discovered during external security research.
Read Post
Arctic Wolf

Ransomware-as-a-Service Will Continue to Grow in 2024

Jan 19, 2024 By Arctic Wolf In Arctic Wolf
Ransomware-as-a-service (RaaS) may not be a brand-new tactic on the cyber battlefield, but it’s quickly gaining popularity among threat actors. For at least the past five years, cybercriminals have not only realized the monetary effectiveness of ransomware, but have understood that by banding together, and utilizing each other’s strengths, they could expand their ransomware attacks, split the profits, and utilize stolen data to launch future cyber attacks on larger organizations.
Read Post
Arctic Wolf

Securing Your IoT Network: 5 Best Practices to Protect Your Business

Jan 16, 2024 By Arctic Wolf In Arctic Wolf
The volume of internet of things (IoT) devices is rapidly growing. From manufacturing to healthcare to retail, organizations are turning to these devices as they digitize and expand. In fact, it’s estimated that IoT devices make up 30% of devices on enterprise networks, and there’s an estimated 17 billion IoT devices in the world, from simple consumer devices to complicated enterprise tools.
Read Post
Arctic Wolf

CVE-2024-21887 and CVE-2023-46805: Actively Exploited Vulnerabilities in Ivanti Secure Products Chained Together to Achieve Unauthenticated RCE

Jan 16, 2024 By Steven Campbell In Arctic Wolf
In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN appliances to steal configuration data, modify and download files, establish a reverse tunnel, and ultimately place webshells (GLASSTOKEN) on multiple internal and external-facing web servers.
Read Post
Arctic Wolf

CVE-2024-20272: Critical Unauthenticated Arbitrary File Upload Vulnerability in Cisco Unity Connection

Jan 16, 2024 By Steven Campbell In Arctic Wolf
On January 10, 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows an unauthenticated remote attacker to upload arbitrary files and execute commands on the underlying operating system. Cisco has released a patch to address the issue.
Read Post

The Howler - Episode 5: Nick Schneider, President & CEO at Arctic Wolf

Jan 12, 2024 By Arctic Wolf In Arctic Wolf
In this episode, our hosts sit down with Nick Schneider, President & CEO at Arctic Wolf. As President and CEO of Arctic Wolf, Nick Schneider brings more than 15 years of experience in building global, high-growth technology companies spanning both emerging and established markets. As a veteran in the security industry, Nick has developed expertise in creating best-of-breed technology platforms and world-class sales organizations, which have been the driving force behind Arctic Wolf’s explosive growth and leadership position in the security operations market.
View Video
Arctic Wolf

CVE-2023-39336: SQL Injection Vulnerability in Ivanti Endpoint Manager

Jan 9, 2024 By Andres Ramos In Arctic Wolf
On January 4, 2024, Ivanti published a security advisory regarding a SQL injection vulnerability in their Endpoint Manager (EPM) solution, CVE-2023-39336. The vulnerability was rated with a CVSS of 9.6, as an attacker with access to the internal network can exploit this vulnerability to execute arbitrary SQL queries without authentication.
Read Post
Arctic Wolf

Behind the Ballot: Insights from Arctic Wolf's 2024 Election Security Survey

Jan 9, 2024 By Arctic Wolf In Arctic Wolf
As the United States gears up for the 2024 election, the significance of cybersecurity for state and local governments cannot be overstated. In an era where digital threats are increasingly sophisticated, robust cybersecurity measures are essential to protect both the critical election infrastructure and the integrity of elections itself.
Read Post
Arctic Wolf

Cloud Security Posture Management: What It Is, Why It Matters, and How It Works

Jan 4, 2024 By Sule Tatar In Arctic Wolf
The cloud provides greater efficiency and speed-to-market, which explains its rapid adoption by organizations all over the world. While the rise in cloud operations allows organizations of all sizes to operate in a way that’s more cost-effective and flexible, opening your data, assets, and networks to the internet creates additional risk — particularly around misconfiguration and compliance.
Read Post
Arctic Wolf

Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware

Jan 4, 2024 By Stefan Hostetler, Steven Campbell In Arctic Wolf
Arctic Wolf Labs is aware of several instances of ransomware cases where the victim organizations were contacted after the original compromise for additional extortion attempts. In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.