Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

CVE-2024-21591: Critical Junos OS Vulnerability Could lead to Unauthenticated Remote Code Execution

On January 10, 2024, Juniper Networks released patches to remediate a critical vulnerability (CVE-2024-21591) in Junos SRX and EX series devices. CVE-2024-21591 could allow a threat actor to cause a denial of service (DoS) or achieve unauthenticated remote code execution (RCE) with root privileges. The vulnerability impacts the J-Web component of Junos OS, the operating system running on the devices. The vulnerability was discovered during external security research.

CVE-2023-6548 & CVE-2023-6549: DoS and RCE Vulnerabilities Exploited in Citrix NetScaler ADC and NetScaler Gateway

On January 16, 2024, Citrix published a security bulletin disclosing two zero-day vulnerabilities (CVE-2023-6548 & CVE-2023-6549) being actively exploited in Citrix NetScaler ADC and NetScaler Gateway.

Ransomware-as-a-Service Will Continue to Grow in 2024

Ransomware-as-a-service (RaaS) may not be a brand-new tactic on the cyber battlefield, but it’s quickly gaining popularity among threat actors. For at least the past five years, cybercriminals have not only realized the monetary effectiveness of ransomware, but have understood that by banding together, and utilizing each other’s strengths, they could expand their ransomware attacks, split the profits, and utilize stolen data to launch future cyber attacks on larger organizations.

Securing Your IoT Network: 5 Best Practices to Protect Your Business

The volume of internet of things (IoT) devices is rapidly growing. From manufacturing to healthcare to retail, organizations are turning to these devices as they digitize and expand. In fact, it’s estimated that IoT devices make up 30% of devices on enterprise networks, and there’s an estimated 17 billion IoT devices in the world, from simple consumer devices to complicated enterprise tools.

CVE-2024-21887 and CVE-2023-46805: Actively Exploited Vulnerabilities in Ivanti Secure Products Chained Together to Achieve Unauthenticated RCE

In mid-December 2023, Volexity observed UTA0178–a potential Chinese nation-state threat actor–leveraging two zero-day vulnerabilities in Ivanti Connect Secure (formerly known as Pulse Connect Secure) VPN appliances to steal configuration data, modify and download files, establish a reverse tunnel, and ultimately place webshells (GLASSTOKEN) on multiple internal and external-facing web servers.

CVE-2024-20272: Critical Unauthenticated Arbitrary File Upload Vulnerability in Cisco Unity Connection

On January 10, 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows an unauthenticated remote attacker to upload arbitrary files and execute commands on the underlying operating system. Cisco has released a patch to address the issue.

CVE-2023-39336: SQL Injection Vulnerability in Ivanti Endpoint Manager

On January 4, 2024, Ivanti published a security advisory regarding a SQL injection vulnerability in their Endpoint Manager (EPM) solution, CVE-2023-39336. The vulnerability was rated with a CVSS of 9.6, as an attacker with access to the internal network can exploit this vulnerability to execute arbitrary SQL queries without authentication.

Behind the Ballot: Insights from Arctic Wolf's 2024 Election Security Survey

As the United States gears up for the 2024 election, the significance of cybersecurity for state and local governments cannot be overstated. In an era where digital threats are increasingly sophisticated, robust cybersecurity measures are essential to protect both the critical election infrastructure and the integrity of elections itself.

Cloud Security Posture Management: What It Is, Why It Matters, and How It Works

The cloud provides greater efficiency and speed-to-market, which explains its rapid adoption by organizations all over the world. While the rise in cloud operations allows organizations of all sizes to operate in a way that’s more cost-effective and flexible, opening your data, assets, and networks to the internet creates additional risk — particularly around misconfiguration and compliance.

Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware

Arctic Wolf Labs is aware of several instances of ransomware cases where the victim organizations were contacted after the original compromise for additional extortion attempts. In two cases investigated by Arctic Wolf Labs, threat actors spun a narrative of trying to help victim organizations, offering to hack into the server infrastructure of the original ransomware groups involved to.