Today’s cybersecurity landscape can be challenging. Cyber attacks are rising every year (50% of organizations suffered a breach in 2022), the skills gap continues to widen, and hackers are taking advantage of new techniques and new criminal networks like ransomware-as-a-service to launch sophisticated attacks. For organizations, it’s become harder to stay secure. The internal security operations center (SOC) isn’t feasible for many.

On August 4, 2023, security researchers published a blog detailing a critical remote code (RCE) vulnerability in PaperCut NG/MF print management servers (CVE-2023-39143: CVSS 8.4). CVE-2023-39143 could allow unauthenticated threat actors to read, delete, and upload arbitrary files on compromised systems, which results in RCE. Additionally, this vulnerability does not require user interaction.

As organizations across the globe grapple with the growing issue of cyber attacks — 2023 cybercrime costs are expected to hit $8 trillion — organizations are realizing that more than technical tools are needed to stay ahead of mounting threats. Even one mistake by an untrained employee can have serious consequences and result in a data breach.

July was one of the hottest months in recent memory, and cybercriminals did their part to keep the heat cranked up for organizations around the globe. As organizations continued sorting through the wreckage of the massive MoveIT incident, new and ongoing threats continued to arrive from every corner. July’s notable breaches include attacks on healthcare providers, emergency services, government agencies, and free speech.

With the constant threat of cyber attacks against corporations of all sizes, last week the U.S. Securities and Exchange Commission (SEC) introduced new cybersecurity disclosure rules to ensure greater transparency and accountability for publicly traded companies.

On July 28th, 2023, Ivanti released a security advisory detailing a new vulnerability affecting Ivanti Endpoint Manager Mobile which allows an authenticated administrator to perform arbitrary file writes (CVE-2023-35081).

As more employees move to remote work, more of today’s business environment is shifting towards the cloud. Indeed, approximately 90% of companies use at least one cloud-based service. While it brings great benefits, the cloud also brings challenges, including properly securing cloud-based assets. Cybercriminals are well-versed in corporate cloud usage and are successfully exploiting that knowledge. In the past year and a half, nearly 80% of companies suffered a cloud-based data breach.