Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2024

Arctic Wolf

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

Sep 27, 2024 By Stefan Hostetler In Arctic Wolf
On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system that allows Unix-like operating systems, including Linux and MacOS, to manage printers and print jobs across local and networked environments. The newly identified CUPS vulnerabilities identified are.
Read Post
Arctic Wolf

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

Sep 26, 2024 By Andres Ramos In Arctic Wolf
On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting Aruba Networking Access Points. These vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, could allow remote unauthenticated attackers to execute code with privileged access.
Read Post

The Howler Episode 13: One Year Anniversary Live

Sep 23, 2024 By Arctic Wolf In Arctic Wolf
Join hosts Chelsea and Mary as they celebrate one year of The Howler Podcast! From sharing their meet-cute story to interviewing various pack members, this episode is full of both heartwarming & funny moments highlighting the people & programs that make Arctic Wolf so special! Interested in running with the pack? Explore careers at Arctic Wolf—one of the fastest-growing and exciting cybersecurity companies in the world, to learn about how you can join our Pack, create impact, and influence what’s next in security operations.
View Video
Arctic Wolf

Top Government Cyber Attacks

Sep 19, 2024 By Arctic Wolf In Arctic Wolf
Government entities were in the top five industries targeted by both ransomware and business email compromise (BEC) attacks in 2023, according to Arctic Wolf. Additionally, the FBI reported that government entities were the third most-targeted sector by ransomware in 2023, and Arctic Wolf’s own research saw the average ransom for government organizations top $1 million USD that same year. It’s clear that cyber threats are plentiful for these entities.
Read Post
Arctic Wolf

CVE-2024-38812: Critical RCE Vulnerability Fixed in VMware vCenter Server and Cloud Foundation

Sep 18, 2024 By Andres Ramos In Arctic Wolf
On September 17, 2024, Broadcom released fixes for a critical vulnerability impacting VMware vCenter Server and Cloud foundation, tracked as CVE-2024-38812. This vulnerability is a heap-overflow flaw in the implementation of the DCERPC protocol that a remote attacker can use to send specially crafted network packets to vCenter Server, potentially leading to Remote Code Execution (RCE).
Read Post
Arctic Wolf

Five Hidden Costs of Cyber Attacks

Sep 17, 2024 By Arctic Wolf In Arctic Wolf
In the modern, interconnected world, no organization is immune from a cyber attack. Indeed, most experts agree that it is a matter of “when,” not “if” an organization will be targeted by threat actors. If an attack is successful, the immediate costs — including potential ransom payments, lost revenue, and costs associated with remediation and restoration — can be substantial.
Read Post
Arctic Wolf

Types of Security Scans Every Organization Should Be Using

Sep 12, 2024 By Arctic Wolf In Arctic Wolf
In 2023, nearly 60% of incidents investigated by Arctic Wolf Incident Response involved a vulnerability that was two — or more — years old. That means the organization had 24-plus months to find and remediate the vulnerability before threat actors took advantage. Why do vulnerabilities remain persistent? There’s a number of reasons, not the least of which is that more of them pop up each day, creating a mountain of vulnerabilities that feels too difficult to summit for most businesses.
Read Post
Arctic Wolf

CVE-2024-6678: GitLab Fixes Critical Pipeline Execution Vulnerability

Sep 12, 2024 By Andres Ramos In Arctic Wolf
On September 11, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote attacker to trigger a pipeline as an arbitrary user under specific conditions. A GitLab pipeline is a collection of automated processes that run in stages to build, test, and deploy code.
Read Post
Arctic Wolf

How Manufacturing Organizations Can Increase Their Cybersecurity

Sep 11, 2024 By Arctic Wolf In Arctic Wolf
When Clorox was hit with a ransomware attack in 2023, the impact went beyond just the infected endpoints. Threat actors succeeded in taking many of the organization’s automated systems offline and impacted large retailers’ ability to order products from the manufacturer. There was significant operational downtime as it took Clorox over a month to contain the breach, and the resulting financial loss was in the tens of millions.
Read Post
Arctic Wolf

CVE-2024-29847: Ivanti Addresses Maximum Severity RCE Vulnerability in Endpoint Manager

Sep 10, 2024 By Andres Ramos In Arctic Wolf
On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal of specific EPM versions, allows Remote Code Execution (RCE) by an unauthenticated attacker due to improper deserialization of untrusted data.
Read Post
Arctic Wolf

Understanding the Schools and Libraries Cybersecurity Pilot Program

Sep 6, 2024 By Arctic Wolf In Arctic Wolf
Schools and libraries often lack the funding and staffing needed to build and maintain a robust cybersecurity program. They are also the exact kind of organizations threat actors prefer— under defended and a storehouse of personally identifiable information (PII). Considering that, in 2024, education was the second-most represented industry in ransomware attacks, and third-most in business email compromise (BEC) attacks, it’s clear that protection is paramount.
Read Post
Arctic Wolf

Critical Vulnerabilities Patched in Veeam Products

Sep 6, 2024 By Andres Ramos In Arctic Wolf
On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five of these vulnerabilities, which are classified as critical. Arctic Wolf has not observed any exploitation of these vulnerabilities in the wild and has not identified any publicly available proof of concept (PoC) exploit code.
Read Post
Arctic Wolf

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

Sep 6, 2024 By Stefan Hostetler In Arctic Wolf
On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of disclosure, active exploitation was not known and no proof-of-concept exploit was publicly available. As of September 6, 2024, however, the security advisory has been updated with additional details, indicating that the vulnerability is potentially being actively exploited.
Read Post
Arctic Wolf

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

Sep 5, 2024 By Andres Ramos In Arctic Wolf
On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This vulnerability stems from improper handling of special elements in the “host” parameter within the CGI program of certain AP and router versions, potentially allowing an unauthenticated attacker to execute OS commands by sending a specially crafted cookie to the vulnerable device.
Read Post
Arctic Wolf

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

Sep 5, 2024 By Andres Ramos In Arctic Wolf
On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco products in a network. Cisco has stated that these vulnerabilities are only exploitable if the Smart Licensing Utility is actively running and has been started by a user. Note: These vulnerabilities do not impact Cisco’s Smart Software Manager On-Prem or Satellite.
Read Post
Arctic Wolf

How a Security Operations Approach Can Prevent Man-in-the-Middle Attacks

Sep 3, 2024 By Arctic Wolf In Arctic Wolf
Here’s an endpoint you don’t often think about: your car. But if it’s Wi-Fi enabled, as many new models are, that means it resides at the end point of a network connection and can communicate on that network, making it an endpoint.
Read Post
Arctic Wolf

CVE-2024-6633: Critical Credential Vulnerability Affecting Fortra FileCatalyst Workflow

Sep 3, 2024 By Andres Ramos In Arctic Wolf
On August 27, 2024, Fortra published a security advisory regarding a critical credential vulnerability in FileCatalyst Workflow, identified as CVE-2024-6633. FileCatalyst Workflow is a managed file transfer solution used for exchanging large files across networks.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.