Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security threats evolve just as fast as the technologies used to stop them. New and modified attack strategies are constantly in the works. To make matters worse, the attack surface within corporate networks is expanding. The push to work from home increased vulnerable points of entry by introducing multitudes of new endpoint devices. The move to cloud-based services and infrastructure has further resulted in a broader and more challenging landscape to defend.

Not everyone had the luxury of enjoying BBQ and backyard time during Fourth of July weekend. Kaseya, an IT management software provider, spent their 2021 holiday fighting a ransomware attack. You likely saw news of the attack in headlines over that holiday weekend, especially considering Kaseya is a technology provider to thousands of managed service providers.

Stop me if you’ve heard this one: “we’re finding it really difficult to fill cyber roles.” In recent years, cyber-attacks have transcended industries and demographics — as has the need for strong, proactive cybersecurity. In the modern cyber landscape, everyone is a target, and every business needs to defend themselves against cyber threats. That means more organizations are on the lookout for security professionals.

At the heart of almost every business interaction lies trust. Whether logging in to a website, providing information over the phone, or interacting via email, trust is essential when the communication involves money, sensitive data, or both. To win a victim’s trust, gain access to a secure system, receive sensitive data, or insert malicious software, cybercriminals use various tools and tactics to mask their identity or disguise their devices. These tactics are the foundation of a spoofing attack.

The only constant you can count on in technology is change. From microprocessors to PCs to smartphones to software, technology continues to become faster, smarter, and more sophisticated. But make no mistake: what’s changed the most in the world of technology over the past few decades is the hacker. Hackers are highly motivated to stay ahead of the latest security trends. It’s how they keep from getting caught, and how they keep the fun and profit rolling.

The business world is changing fast. The shift to hybrid or remote models and the rapid adoption of cloud services are allowing employees to work from anywhere, while giving the companies they work for the chance to increase innovation and stay ahead of their competition. The cybersecurity industry has changed as well, with those same innovations creating new challenges for IT and security teams.

On Wednesday, August 3, 2022, Cisco disclosed two critical-severity vulnerabilities (CVE-2022-20842 and CVE-2022-20827) impacting RV160, RV260, RV340, and RV345 series small business routers. Both vulnerabilities are due to insufficient validation but differ in how they are exploited.

Exciting times are here at Arctic Wolf. This week, we celebrated a pair of awards recognizing our status as an industry innovator and employer of choice, with rankings on both the Forbes Cloud 100 and Fortune Best Medium Workplaces list.

On Tuesday, August 2, 2022, VMware disclosed a critical-severity authentication bypass vulnerability (CVE-2022-31656) impacting multiple VMware products, including VMware’s Workspace ONE Access, Identity Manager (vIDM), and vRealize automation. If successfully exploited, the vulnerability could allow a threat actor with network access to the user interface to obtain administrative access without needing to authenticate.