
SecOps

CVE-2022-40684: Widespread Exploitation of Critical Fortinet Authentication Bypass Vulnerability

Previously published blog post: Recently, Arctic Wolf observed threat actors begin exploiting CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager.

Critical Remote Code Execution & Authentication Bypass Vulnerabilities in Aruba EdgeConnect Enterprise Orchestrator

On Tuesday, October 11th, 2022, Aruba disclosed three critical vulnerabilities impacting EdgeConnect Enterprise Orchestrator. The vulnerabilities, CVE-2022-37913, CVE-2022-37914, CVE-2022-37915, are remote code execution and authentication bypass vulnerabilities that could enable remote threat actors to compromise a host. In order for a threat actor to exploit these vulnerabilities, WAN access would need to be available for the CLI and/or web-based management interfaces.

Five tips for managing the cost of your security operations

With the global economy experiencing a slowdown, security teams are feeling the pressure to reduce costs without sacrificing security. But while it's important to be fiscally responsible, making cuts in the wrong areas can put your organization at risk. Malicious actors know that businesses are under even more pressure during times of economic turmoil.

Calculate the Cost of A Data Breach

The worst-case scenario happens: Your organization suffers a data breach. It’s going to take time to clean it up, the business’ reputation may take a hit, and there’s the major issue of cost. How much does cleanup cost? What if it’s a ransomware attack where your organization must pay the ransom? What other specialists will you have to hire—and how much will you need to pay them?

Inside the SecOps Team at bet365: Moving your SIEM to the Cloud

Hello, I love to look behind the scenes of SecOps teams to learn how they operate. Recently I had the pleasure to work with John Eccleshare, Head of Compliance and Information Security, at bet365 as John took the stage at Gartner Security and Risk Summit in London.

Sponsored Post

Security Basics: Incident Response and Automation

Incident response is one of the most challenging tasks that IT teams face. It's challenging not just because it typically involves many stakeholders and moving pieces, but also because teams usually face pressure to respond as quickly as possible. That's why investing in incident response automation is a wise choice. Although it may not be possible to automate every aspect of every incident response workflow, being able to automate at least the major elements of incident response will yield incident management processes that are faster, more reliable, and more consistent. Keep reading to learn about the components of incident response and which incident response activities to start automating.

CVE-2022-40684: Critical Remote Authentication Bypass Vulnerability in FortiOS & FortiProxy

Late Thursday, October 6, 2022, Fortinet disclosed a critical remote authentication bypass vulnerability, CVE-2022-40684, impacting FortiOS and FortiProxy. The vulnerability could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

Threat Intelligence 101

You can’t protect your system if you don’t know where the vulnerabilities lie or what aspects of your security architecture are being targeted by threats. Intelligence is everything in security: it’s how CISOs make large-scale operational decisions, how IT teams prioritize projects, and how responders restore and remediate a system during and after an incident.

Updated Guidance for Microsoft Exchange Zero-Day Vulnerabilities Exploited in the Wild

On Wednesday, October 5, 2022, Microsoft published updated mitigation guidance for two zero-day vulnerabilities in Microsoft Exchange Server: CVE-2022-41040 (SSRF vulnerability) and CVE-2022-41082 (RCE vulnerability). Arctic Wolf covered initial assessments on this blog post. Organizations that run Microsoft Exchange on-prem or in a hybrid model should complete both Microsoft provided mitigations to reduce the potential for successful exploitation.