Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf

Is Ransomware Malware?

Over the past few years, ransomware attack rates and ransom amounts have climbed so significantly that the cyber attack has broken out of the IT and security community to capture headlines around the world. In early May 2021, a suspected Russian hacking group took Colonial Pipeline — which provides 45% of the East Coast’s supply of gasoline, diesel fuel, and jet fuel — offline for more than three days in an attack that made ransomware a household word.

CVE-2024-6327: Critical RCE Vulnerability in Progress Telerik Report Server

On July 24, 2024, Progress published a knowledge base article disclosing a critical vulnerability (CVE-2024-6327) impacting Telerik Report Server, a product by Progress designed for streamlined report management within organizations. This vulnerability can lead to remote code execution (RCE) due to the deserialization of untrusted data. Arctic Wolf has not identified a publicly accessible proof of concept (PoC) exploit or active exploitation of this vulnerability. However, most notably.

Simplify Compliance for FFIEC-NCUA

Financial service organizations face a growing challenge. Their customers expect 24×7 access and self-service convenience, meaning these organizations must move to the cloud and embrace new technologies. However, those moves also expand their attack surface, increase cyber risk, and make achieving and maintaining compliance more challenging.

What Is EDR Security?

Back in 2013, Gartner’s Anton Chuvakin set out to name a new set of security solutions to detect suspicious activity on endpoints. After what he called, “a long agonizing process that involved plenty of conversations with vendors, enterprises, and other analysts,” Chuvakin came up with this phrase: endpoint threat detection and response.

CVE-2024-20401 and CVE-2024-20419: Critical Vulnerabilities in Cisco Secure Email and Cisco Smart Software Manager On-Prem

On July 17, 2024, Cisco publicly disclosed critical vulnerabilities in Cisco Secure Email Gateway (SEG) and Cisco Smart Software Manager On-Prem (SSM), identified as CVE-2024-20401 and CVE-2024-20419 respectively. Both of these vulnerabilities may allow for unauthenticated administrative actions to be taken by threat actors when exploited.

Abusing BOINC: FakeUpdates Campaign Bundling Malware with Legitimate Software

Beginning in early July 2024, Arctic Wolf responded to multiple SocGholish/FakeUpdate intrusions that resulted in a seemingly benign payload being delivered as a second-stage download. The zip file payload contained software from the Berkeley Open Infrastructure for Network Computing (BOINC) project, open-source software that allows users to contribute computing power to scientific research projects focused on solving complex calculations.

Security Live with AWS and Arctic Wolf

Each episode of Security Live features AWS and AWS Partners who are working to solve security challenges for customers. And few companies are doing that with the scale, speed, and efficiency of Arctic Wolf. In this episode, Arctic Wolf CISO Adam Marre explains how Arctic Wolf is solving the operations problem in the cybersecurity industry by providing the platform and human element to help organizations get the outcomes they need out of the tools in their tech stack.

Tips To Stop Social Engineers Exploiting The Global IT Outage

The recent global IT outage on Windows hosts will likely lead to a surge of threat actors posing as support agents offering “help” as a part of a social engineering attack. Here are some quick tips from Arctic Wolf to help you spot and stop these attacks.