Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On June 27th 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows. Arcserve UDP is a centralized backup and disaster recovery solution. By exploiting this RCE vulnerability, threat actors may be able to gain unauthorized access to sensitive data, install malware, or launch other types of attacks from infected devices.

The Chief Information Security Officer (CISO) is a relatively recent addition to the ranks of organizational leadership. It is a key role for businesses and organizations that possess the necessary resources and recognize the need for a robust security program. When leveraged properly, the CISO assumes a leadership position that is integral to an organization’s C-suite.

Say you’re a medium-sized financial organization. Your clients trust you to not only provide excellent financial services, but to keep their money, financial data, and personal data safe. Unfortunately, the amount of money you store and move attracts a wide array of cybercriminals. Staying safe can become complicated, but no bank, trust, or credit union wants to gain headlines and lose customers over a breach. That’s where SOC2 (System and Organization Controls), can make a major difference.

As the Chief Information Security Officer (CISO) at Arctic Wolf, I have a deep bench of security experts I can leverage to provide the organization with robust risk management, threat detection, security awareness training, and incident response. That’s an advantage that small businesses often don’t have.

The cyber insurance market has matured rapidly over the past two years in the face of ever-evolving risk. Factors such as increased ransomware activity, ballooned claims frequency and loss severity, coupled with soaring market demand have brought us to what is referred to as the “second wave” of cyber insurance — a revolution in the way businesses are evaluated, underwritten and protected.

Arctic Wolf’s The State of Cybersecurity: 2023 Trends report revealed a painful, yet unsurprising statistic: 68% of organizations identified staffing-related issues as their number one threat to achieving their security objectives. Breaking that down further, 32% of organizations are having difficulty with hiring and retaining staff. The remaining 36% feel their existing security team lacks the necessary expertise.

On June 23, 2023, Fortinet disclosed a critical Remote Code Execution (RCE) vulnerability (CVE-2023-33299) affecting FortiNAC, a network access control solution utilized by organizations to manage network access policies and compliance. This vulnerability is the result of the deserialization of untrusted data. Deserialization vulnerabilities such as this one are dangerous because a threat actor can insert a modified serialized object into the system which leads to unauthenticated RCE.