It’s the holiday season, and as we close out the year, I’ve never been more confident in the people and mission that fuel Arctic Wolf. A year ago, we set a goal to be even bolder in our commitment to define the security operations industry, while maintaining the qualities that make us great: our community, … The Pack Looks Back: A 2024 Year in Review
Since 16 December 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors were observed using Microsoft Quick Assist and Teams to impersonate IT personnel and engage in malicious activities upon contacting victims. This is a continuation of the Black Basta campaign we … December 2024 Uptick in Social Engineering Campaign Deploying Black Basta Ransomware
Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors were observed using Microsoft Quick Assist and Teams to impersonate IT personnel and engage in malicious activities upon contacting victims. This is a continuation of the Black Basta campaign we … December 2024 Uptick in Social Engineering Campaign Deploying Black Basta Ransomware
On December 15, 2024, reports emerged that threat actors have begun attempting to exploit a recently disclosed critical vulnerability in Apache Struts (CVE-2024-53677) shortly after the publication of a Proof-of-Concept (PoC) exploit. Apache Struts is a widely used open-source web application framework for developing Java-based applications. CVE-2024-53677 is a file upload path traversal vulnerability in … CVE-2024-53677: Exploitation Attempts of Critical Apache Struts RCE Vulnerability Following PoC Release
Arctic Wolf to expand its Security Operations Aurora Platform with best-in-class endpoint prevention, detection, and response WATERLOO, ONTARIO and EDEN PRAIRIE, MINNESOTA – December 16, 2024 – Arctic Wolf® and BlackBerry Limited (NYSE: BB; TSX:BB), two of the world's leading providers of security software and services, today announced a definitive agreement for the acquisition of BlackBerry's Cylance® endpoint security assets by Arctic … Arctic Wolf and BlackBerry Announce Acquisition Agreement for Cylance
On December 16, 2024, BeyondTrust published a security advisory outlining a vulnerability impacting their Remote Support (RS) and Privileged Remote Access (PRA) software. The flaw, CVE-2024-12356, is a critical severity command injection vulnerability. If successfully exploited it can allow an unauthenticated remote threat actor to execute underlying operating system commands within the context of the … CVE-2024-12356: Critical Severity Command Injection Vulnerability in BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA)
Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public internet. While our investigation into this activity is ongoing and the scope is yet to be fully determined, organisations running these products should ensure that they are adhering to security … Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces
Since early December 2024, Arctic Wolf has been monitoring threat activity involving the malicious use of management interfaces on FortiGate firewall devices on the public internet. While our investigation into this activity is ongoing and the scope is yet to be fully determined, organizations running these products should ensure that they are adhering to security … Arctic Wolf Observes Targeting of Publicly Exposed Fortinet Firewall Management Interfaces
Arctic Wolf has taken a decisive step forward in our mission to end cyber risk by acquiring Cylance, a pioneer of AI-based endpoint protection. With this acquisition, Arctic Wolf ushers in a new era of simplicity and automation for the endpoint security market that will deliver the security outcomes endpoint security customers have been struggling to … Advancing the Arctic Wolf Aurora Platform with Cylance’s Endpoint Security Suite
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint prevention, detection, and response WATERLOO, ONTARIO and EDEN PRAIRIE, MINNESOTA – December 16, 2024 – Arctic Wolf® and BlackBerry Limited (NYSE: BB; TSX:BB), two global leaders in security software and services, today announced they have entered into a definitive agreement for Arctic Wolf to acquire … Arctic Wolf and BlackBerry Announce Acquisition Agreement for Cylance
With the emergence of artificial intelligence (AI), there has been a flurry of new terms to describe an increasing variety of new problems. Some of those problems have been around for decades but are now more difficult to manage due to the versatility of AI-based tools and applications. One of those ongoing challenges is shadow … Understanding Shadow IT in the Age of AI
On 11 December 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed unauthenticated threat actors to import and execute arbitrary shell commands on Windows and Linux on affected devices by exploiting default settings of the Autorun directory. The fix is included in … Cleo Releases Patches for Cleo MFT Zero-day Vulnerability
On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed unauthenticated threat actors to import and execute arbitrary shell commands on Windows and Linux on affected devices by exploiting default settings of the Autorun directory. The fix is included in … Cleo Releases Patches for Cleo MFT Zero-day Vulnerability
Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we are dubbing Cleopatra. The campaign began on 7 December 2024, and is ongoing as of the publication of this article. The Cleopatra backdoor supports in-memory file storage and is designed … Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software
Key Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we are dubbing Cleopatra. The campaign began on December 7, 2024, and is ongoing as of the publication of this article. The Cleopatra backdoor supports in-memory file storage and is designed … Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software
On December 7, 2024, Arctic Wolf began observing a novel campaign exploiting Cleo Managed File Transfer (MFT) products across several customer environments. The vulnerability in this campaign involved unauthorized remote code execution (RCE) through the manipulation of the filesystem, and was suspected of being related to CVE-2024-50623. Most intrusions associated with this campaign were observed … Follow-up: Threat Campaign Targeting Cleo MFT Products
On December 10, 2024, Ivanti released updates for three critical-severity vulnerabilities impacting their Cloud Services Application. By chaining the vulnerabilities together, a threat actor could obtain administrative privileges via authentication bypass (CVE-2024-11639), which could then allow for remote code execution (CVE-2024-11172) and/or SQL injection (CVE-2024-11173). CVE-2024-11639 CVSS: 10.0 – Critical No Exploitation Detected Authentication Bypass … Ivanti Patches Multiple Critical-Severity Vulnerabilities in Cloud Services Application
On 10 December 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 16 in this security bulletin affecting Microsoft Windows, including: 15 Remote Code Execution (RCE) vulnerabilities rated as Critical by Microsoft. 1 vulnerability actively exploited in the wild. Vulnerabilities Vulnerability … Microsoft Patch Tuesday: December 2024
On December 10, 2024, Microsoft released their December 2024 security update, which included patches for 72 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 16 in this security bulletin affecting Microsoft Windows, including: 15 Remote Code Execution (RCE) vulnerabilities rated as Critical by Microsoft. 1 vulnerability actively exploited in the wild. Vulnerabilities Vulnerability … Microsoft Patch Tuesday: December 2024