%term

CVE-2022-36537 - Critical RCE Vulnerability & Supply Chain Risks in ConnectWise Recover and R1Soft Server Backup Manager

Nov 1, 2022 By Adrian Korn In Arctic Wolf

On October 28th, 2022, ConnectWise disclosed a critical remote code execution (RCE) vulnerability affecting ConnectWise Recover (version 2.9.7 and earlier) and R1Soft Server Backup Manager (version 6.16.3 and earlier). A threat actor could leverage an authentication bypass vulnerability in these products (CVE-2022-36537) to leak server private key files, software licenses, and system configuration files and ultimately achieve RCE as the system superuser.

Read Post

Arctic Wolf

Read more about CVE-2022-36537 - Critical RCE Vulnerability & Supply Chain Risks in ConnectWise Recover and R1Soft Server Backup Manager

Cloud Security Posture Management

Oct 31, 2022 By Arctic Wolf In Arctic Wolf

Arctic Wolf Cloud Security Posture Management security operations identify cloud resources at risk and provide guidance on hardening their posture, simplifying cloud security. Arctic Wolf Cloud Security Posture Management was built to make sure nothing gets missed; to give you greater context into your cloud platforms, identify gaps, and deliver posture hardening recommendations to keep your information safe.

View Video

Arctic Wolf

Read more about Cloud Security Posture Management

Arctic Wolf Managed Risk

Oct 31, 2022 By Arctic Wolf In Arctic Wolf

Arctic Wolf Managed Risk enables you to discover, benchmark, and harden your security across your networks, endpoints, and cloud environments. At the core of Arctic Wolf Managed Risk is our Concierge Security Team, providing you with personal security experts who deliver a quantified, real-time understanding of your cyber risk. From technical vulnerabilities like software defects and system misconfigurations, to unsafe practices like reusing passwords, our Concierge Security Team helps focus your team’s efforts to quickly improve your security posture and reduce risk.

View Video

Arctic Wolf

Read more about Arctic Wolf Managed Risk

What Security Teams Want from MDR Providers

Oct 31, 2022 By Arctic Wolf In Arctic Wolf

As security teams struggle to scale security programs to meet both attack surface and threat landscape growth and complexity, many are engaging managed detection and response (MDR) providers to accelerate their operating models. With no end in sight for the cybersecurity skills shortage, MDR services can bring immediate expert resources online, together with proven, best-of-breed processes and tools that can help security teams gain control and set themselves up for future security program success.

Read Post

Arctic Wolf

Read more about What Security Teams Want from MDR Providers

Managed Detection and Response (MDR) Buyer's Guide

Oct 31, 2022 By Kroll In Kroll

All organizations should have access to the skills needed to detect and contain threats. But, typically, only the very largest enterprises can afford the millions in annual staff and infrastructure investments required to maintain a Security Operations Center (SOC).

Read Post

Kroll

Read more about Managed Detection and Response (MDR) Buyer's Guide

Critical Remote Code Execution Vulnerability in VMware Cloud Foundation NSX-V: CVE-2021-39144

Oct 27, 2022 By Steven Campbell In Arctic Wolf

On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older. A threat actor could perform remote code execution in the context of ‘root’ on the appliance due to an unauthenticated endpoint that leverages XStream for input serialization.

Read Post

Arctic Wolf

Read more about Critical Remote Code Execution Vulnerability in VMware Cloud Foundation NSX-V: CVE-2021-39144

How to Secure Funding from the Infrastructure Investment and Jobs Act: The Deadline Is Approaching

Oct 27, 2022 By Arctic Wolf In Arctic Wolf

The Infrastructure Investment and Jobs Act (IIJA) includes cybersecurity and will to hand out millions to state and local governments to help them improve their security posture and ward off future cyber threats. Getting your entity’s share of the $185 million (for calendar year 2022), however, is more complicated than emailing the federal government or asking your state for some cash. With a deadline of Nov.

Read Post

Arctic Wolf

Read more about How to Secure Funding from the Infrastructure Investment and Jobs Act: The Deadline Is Approaching

What Is MITRE D3FEND, and How Do You Use It?

Oct 26, 2022 By Torq In Torq

MITRE is a world-renowned research organization that aims to help build a safer world. It is probably best known in the information security industry for being the organization behind the industry-standard CVE (Common Vulnerabilities and Exposures) list. Each entry on the list is supposed to include an explanation of how the vulnerability could be exploited. These attack vectors are tracked and defined in another well-known knowledge base called ATT&CK, which is also maintained by MITRE.

Read Post

Torq

Read more about What Is MITRE D3FEND, and How Do You Use It?

SOC Talent: How to Stay Competitive in the Hiring and Retention Game

Oct 26, 2022 By Devo In Devo

The disparities in some key areas in our 2022 Devo SOC Performance ReportTM provide clear evidence that the issues facing organizations since the start of the global pandemic in early 2020 continue to affect SOC performance, especially in the areas of hiring and retaining SOC talent.

Read Post

Devo

Read more about SOC Talent: How to Stay Competitive in the Hiring and Retention Game

What Is the SHIELD Act And How Do You Achieve Compliance?

Oct 24, 2022 By Arctic Wolf In Arctic Wolf

On the internet, we’re all Hansel and Gretel. But the trail of breadcrumbs we leave behind when searching, posting on social media or shopping online aren’t designed to help us find our way back home. Instead, they’re designed to help the companies we interact with provide a richer, more customized and useful online experience.

Read Post