Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

Follow-Up: Arctic Wolf Observes Ongoing Exploitation of Critical Palo Alto Networks Vulnerability CVE-2024-0012 Chained with CVE-2024-9474

On November 19, 2024, Arctic Wolf began observing active exploitation of the recently-disclosed CVE-2024-0012 and CVE-2024-9474 vulnerabilities impacting Palo Alto Networks PAN-OS software. When chained together, these vulnerabilities allow an unauthenticated threat actor with network access to the management web interface to gain administrator privileges.

What Happens if You Answer a Robocall?

If you answer a robocall, avoid interacting with the caller by not speaking or pressing any numbers on your phone’s keypad and hanging up immediately. Robocalls are phone calls that use pre-recorded messages; since these callers are not human beings speaking in real time, these phone calls are known as robocalls because their inauthentic nature makes them seem robotic.

How To Remove Your Personal Information From the Internet

You can remove your personal information from the internet by requesting that Google and people search sites remove it, checking if your credit card offers any removal services, deleting unused accounts and adjusting your privacy settings. Removing your Personally Identifiable Information (PII) from the internet can prevent cybercriminals from stealing your identity, committing fraud and targeting you with spam.

The Only Guide For NIST 800-53 You Need: Controls List, Control Examples, Challenges, Implementation Tips

NIST, or the National Institute of Standards and Technology, is a U.S. federal government agency that creates frameworks and publications to manage organisations’ security requirements. NIST has released many Special Publications (SP), each containing several guidelines and security controls. One of the most comprehensive frameworks under NIST is the SP 800-53. Initially designed for federal agencies, this framework has become increasingly relevant for businesses of all sizes.

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access. I’ve stood on the “phishing is a problem” soapbox for many years, attempting to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.

Ransomware Gangs Evolve: They're Now Recruiting Penetration Testers

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks. This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.

Enhancing AKS Backup with CloudCasa and Azure Arc

As Kubernetes adoption continues to grow, Microsoft Azure Kubernetes Service (AKS) has become a popular choice for deploying and managing containerized applications. To meet the increasing demand for data protection, Microsoft has introduced native backup solutions for AKS. However, there are some gaps in the native AKS backup capabilities that may not fully address the needs of enterprises and Managed Service Providers (MSPs), especially those with diverse environments.

How XDR Security Transforms Cyber Risk Management

In 2024, cyber threats are evolving fast. Attackers are using advanced tools like AI-powered malware, ransomware-as-a-service models, and targeted supply chain attacks that can get past traditional security measures. To fight these threats, security teams need tools that can move faster than attackers, giving them a clear view and coordinated responses across their IT ecosystem.