On Wednesday, April 6, 2022, VMware disclosed several critical-severity vulnerabilities impacting multiple VMware products. If successfully exploited, the vulnerabilities could lead to Remote Code Execution
Easily add enterprise-strength compliance, vulnerability, and configuration assessment capabilities to your software product.
On Thursday, March 31, 2022, GitLab released an advisory for a critical password security vulnerability in GitLab Community and Enterprise products tracked as CVE-2022-1162. GitLab
April 2, 2022 Update: Arctic Wolf Releases Open Source Spring4Shell Deep Scan Tool to Support the Security Community Today Arctic Wolf is making “Spring4Shell Deep
Wondering what vulnerability metrics are most important to watch? Wonder no more.
CVE-2022-1040 and CVE-2022-22247 are two recent vulnerabilities that have been discovered in two different Firewall products. This blog post will cover both the Sophos Firewall
Comparing and contrasting the effectiveness of Vulnerability Assessment (VA), Vulnerability Management (VM), Risk-Based Vulnerability Management (RBVM), and Managed Risk®. Performing a vulnerability assessment (VA), implementing
The key vulnerabilities and high-impact attacks that shaped the cyber risk landscape in 2021.
What Are CVSS Scores? The Common Vulnerability Scoring System (aka CVSS score) provides a numerical (0-10) representation of the severity of an information security vulnerability.
Background In April 2021, CVE-2022-0847 was discovered by security researcher Max Kellermann; it took another few months for him to figure out what was happening.
How to use Arctic Wolf’s Spring4Shell Deep Scan to identify known vulnerable Spring Framework Java class files.
Background On Tuesday, February 8, 2022, SAP patched a critical memory corruption vulnerability (CVE-2022-22536) in the SAP Internet Communication Manager (ICM) component that could lead
A deep dive into five types of vulnerabilities that risk management programs should focus on.
Background On Monday, January 31, 2022, Samba released an advisory for remote code execution vulnerability CVE-2021-44142. All versions of Samba prior to 4.13.17 are vulnerable
This is a follow-up to our previous blog posts covering the Log4j vulnerability and the Deep Scan tool we made available to help identify vulnerable
December 20 Update: Arctic Wolf Provides Video Walkthrough of Log4Shell Deep Scan Tool In this short six-minute video, Arctic Wolf provides an update on the
Arctic Wolf joins the Gartner Peer Insights Customer First Program in the vulnerability assessment and managed detection and response service. The members of the Arctic
As the old saying goes, “an ounce of prevention is worth a pound of cure.” So how does this relate to cybersecurity? Glad you asked!
Learn fundamentals of proactive cybersecurity and key differences between a proactive and reactive approach.
Get up to speed on the latest findings regarding the Log4j vulnerability.
Background On Thursday, December 2, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and Federal Bureau of Investigations (FBI) reported a new campaign targeting ManageEngine
Background On Friday, December 3, 2021, ManageEngine released a patch advisory for CVE-2021-44515, an authentication bypass vulnerability affecting Desktop Central Enterprise and MSP versions. Desktop
Charleston Southern University and Arctic Wolf share how they developed, refined, and hardened the university’s cybersecurity.
Background On Tuesday, November 9, 2021, Microsoft released patches for two actively exploited vulnerabilities, CVE-2021-42321 in Microsoft Exchange, and CVE-2021-42292 in Microsoft Excel. CVE ID
Background Security researchers at Microsoft and Palo Alto Networks are reporting a new campaign targeting ManageEngine ADSelfService Plus servers that are vulnerable to CVE-2021-40539. Microsoft
Background Security researchers have observed a significant shift in tactics from the Magnitude Exploit Kit (EK) this week with the addition of exploits for Chromium-based
Background On Tuesday, October 5, 2021, Apache released a patch advisory for CVE-2021-41773, a path traversal, and file disclosure vulnerability affecting Apache HTTP Server version
Discover how Arctic Wolf uncovered suspicious activity and were able to quickly investigate, verify and, remediate this incident.
On Tuesday, September 21, 2021, VMware released a patch advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-22005.
Background On September 14, 2021, Microsoft released a patch advisory for CVE-2021-38647, a remote code execution (RCE) vulnerability affecting Open Management Infrastructure (OMI), an open-source
