Arctic Wolf Risk Scan Engine
April 5, 2022
Easily add enterprise-strength compliance, vulnerability, and configuration assessment capabilities to your software product.
CATEGORY: Vulnerability Management
GitLab Password Security Vulnerability – CVE-2022-1162
April 3, 2022
On Thursday, March 31, 2022, GitLab released an advisory for a critical password security vulnerability in GitLab Community and Enterprise products tracked as CVE-2022-1162. GitLab
Important Updates on Spring4Shell Vulnerability
April 3, 2022
April 2, 2022 Update: Arctic Wolf Releases Open Source Spring4Shell Deep Scan Tool to Support the Security Community Today Arctic Wolf is making “Spring4Shell Deep
Cyber Risk Spotlight Report: 11 Metrics to Watch
April 1, 2022
Wondering what vulnerability metrics are most important to watch? Wonder no more.
Firewall Inferno – Sophos & SonicWall Vulnerabilities
March 29, 2022
CVE-2022-1040 and CVE-2022-22247 are two recent vulnerabilities that have been discovered in two different Firewall products. This blog post will cover both the Sophos Firewall
How Managed Risk Best Addresses the Three Pillars of Cybersecurity
March 23, 2022
Comparing and contrasting the effectiveness of Vulnerability Assessment (VA), Vulnerability Management (VM), Risk-Based Vulnerability Management (RBVM), and Managed Risk®. Performing a vulnerability assessment (VA), implementing
28 Vulnerabilities IT Teams Can’t Afford to Ignore
March 20, 2022
The key vulnerabilities and high-impact attacks that shaped the cyber risk landscape in 2021.
CVSS: Measuring the Severity of an IT Security Vulnerability
March 14, 2022
What Are CVSS Scores? The Common Vulnerability Scoring System (aka CVSS score) provides a numerical (0-10) representation of the severity of an information security vulnerability.
Dirty Pipe: Linux Kernel Vulnerability Could Lead to Root Privileges – CVE-2022-0847
March 8, 2022
Background In April 2021, CVE-2022-0847 was discovered by security researcher Max Kellermann; it took another few months for him to figure out what was happening.
Understanding the Spring4Shell Vulnerability
March 5, 2022
How to use Arctic Wolf’s Spring4Shell Deep Scan to identify known vulnerable Spring Framework Java class files.
Critical Vulnerability in the SAP Internet Communication Manager Component Could Lead to Full System Takeover, Patch Available
February 28, 2022
Background On Tuesday, February 8, 2022, SAP patched a critical memory corruption vulnerability (CVE-2022-22536) in the SAP Internet Communication Manager (ICM) component that could lead
Breaking Down the 5 Most Disruptive Vulnerability Types
February 22, 2022
A deep dive into five types of vulnerabilities that risk management programs should focus on.
Samba Patches Critical Remote Code Execution Vulnerability – CVE-2021-44142
February 1, 2022
Background On Monday, January 31, 2022, Samba released an advisory for remote code execution vulnerability CVE-2021-44142. All versions of Samba prior to 4.13.17 are vulnerable
Log4Shell in the Field – A Brief Analysis Through January 2022
January 28, 2022
This is a follow-up to our previous blog posts covering the Log4j vulnerability and the Deep Scan tool we made available to help identify vulnerable
Important Updates on Critical Log4j/Log4Shell Vulnerabilities
January 17, 2022
December 20 Update: Arctic Wolf Provides Video Walkthrough of Log4Shell Deep Scan Tool In this short six-minute video, Arctic Wolf provides an update on the
Arctic Wolf Joins Gartner Peer Insights Customer First Program
January 14, 2022
Arctic Wolf joins the Gartner Peer Insights Customer First Program in the vulnerability assessment and managed detection and response service. The members of the Arctic
4 Questions IT Leaders Should Ask Before Purchasing a Vulnerability Scanning Solution
December 29, 2021
As the old saying goes, “an ounce of prevention is worth a pound of cure.” So how does this relate to cybersecurity? Glad you asked!
The ROI of Proactive Cybersecurity
December 17, 2021
Learn fundamentals of proactive cybersecurity and key differences between a proactive and reactive approach.
Understanding the Log4j/Log4Shell Vulnerability
December 17, 2021
Get up to speed on the latest findings regarding the Log4j vulnerability.
New Campaign Exploiting ManageEngine ServiceDesk Plus Vulnerability – CVE-2021-44077
December 7, 2021
Background On Thursday, December 2, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigations (FBI) reported a new campaign targeting ManageEngine
New Vulnerability Exploited in ManageEngine Desktop Central Enterprise & MSP – CVE-2021-44515
December 6, 2021
Background On Friday, December 3, 2021, ManageEngine released a patch advisory for CVE-2021-44515, an authentication bypass vulnerability affecting Desktop Central Enterprise and MSP versions. Desktop
How Proactive Cybersecurity Measures Can Save Institutions Millions
December 6, 2021
Charleston Southern University and Arctic Wolf share how they developed, refined, and hardened the university’s cybersecurity.
Patches Released for Actively Exploited Vulnerabilities in Microsoft Exchange and Microsoft Excel – CVE-2021-42321 & CVE-2021-42292
November 30, 2021
Background On Tuesday, November 9, 2021, Microsoft released patches for two actively exploited vulnerabilities, CVE-2021-42321 in Microsoft Exchange, and CVE-2021-42292 in Microsoft Excel. CVE ID
New Campaign Exploiting ManageEngine ADSelfService Plus Vulnerability – CVE-2021-40539
November 10, 2021
Background Security researchers at Microsoft and Palo Alto Networks are reporting a new campaign targeting ManageEngine ADSelfService Plus servers that are vulnerable to CVE-2021-40539. Microsoft
Magnitude Exploit Kit Targeting Chromium Browser & Windows Vulnerabilities
October 25, 2021
Background Security researchers have observed a significant shift in tactics from the Magnitude Exploit Kit (EK) this week with the addition of exploits for Chromium-based
New Vulnerabilities Affecting Apache Server 2.4.49/2.4.50 – CVE-2021-41773 & CVE-2021-42013
October 8, 2021
Background On Tuesday, October 5, 2021, Apache released a patch advisory for CVE-2021-41773, a path traversal, and file disclosure vulnerability affecting Apache HTTP Server version
SecOps Deep Dive Part 4: Microsoft Exchange Vulnerability Attack
October 6, 2021
Discover how Arctic Wolf uncovered suspicious activity and were able to quickly investigate, verify and, remediate this incident.
Critical Vulnerability in VMware vCenter Server – CVE-2021-22005
September 28, 2021
On Tuesday, September 21, 2021, VMware released a patch advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-22005.
A Linux Servers with OMI Agent Actively Targeted in Campaign Exploiting CVE-2021-38647 RCE
September 20, 2021
Background On September 14, 2021, Microsoft released a patch advisory for CVE-2021-38647, a remote code execution (RCE) vulnerability affecting Open Management Infrastructure (OMI), an open-source
Everything You Need to Know About the Apple Emergency Software Update
September 16, 2021
On Tuesday, September 14, Apple announced its latest generation of products along with the major release of iOS 15. Unfortunately, this coincided with an earlier
Subscribe to our Monthly Newsletter
