Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July was one of the hottest months in recent memory, and cybercriminals did their part to keep the heat cranked up for organizations around the globe. As organizations continued sorting through the wreckage of the massive MoveIT incident, new and ongoing threats continued to arrive from every corner. July’s notable breaches include attacks on healthcare providers, emergency services, government agencies, and free speech.

With the constant threat of cyber attacks against corporations of all sizes, last week the U.S. Securities and Exchange Commission (SEC) introduced new cybersecurity disclosure rules to ensure greater transparency and accountability for publicly traded companies.

On July 28th, 2023, Ivanti released a security advisory detailing a new vulnerability affecting Ivanti Endpoint Manager Mobile which allows an authenticated administrator to perform arbitrary file writes (CVE-2023-35081).

As more employees move to remote work, more of today’s business environment is shifting towards the cloud. Indeed, approximately 90% of companies use at least one cloud-based service. While it brings great benefits, the cloud also brings challenges, including properly securing cloud-based assets. Cybercriminals are well-versed in corporate cloud usage and are successfully exploiting that knowledge. In the past year and a half, nearly 80% of companies suffered a cloud-based data breach.

The past 18 months have shown that cybersecurity is an essential part of a successful and resilient business model, regardless of whether an organization has 50 or 5,000 employees. With half of all organizations surveyed in the 2023 Arctic Wolf “State of Cybersecurity” Trends Report noting they experienced a breach within the last year, it’s clear that cyber attacks and data breaches continue to keep security professionals up at night.

No matter your organization’s maturity, industry, or business goals, cybersecurity should always be top of mind. Considering the Australian Cyber Security Centre (ACSC) recorded a staggering 76,000 cybercrime reports in the 2022 financial year, it’s safe to say that all organizations are at risk for an incident or breach.

On July 24th, 2023, Ivanti released a security advisory detailing a remote authentication bypass vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile. This vulnerability, with a CVSS score of 10, allows unauthenticated access to specific API paths, which could allow a threat actor to obtain personal identifiable information (PII) such as names, phone numbers, and other mobile device details.