In this blog post, we aggregate key Kroll guidance on this security issue and the steps your organisation should take in response.

On June 27th 2023, Arcserve published an advisory for a critical unauthenticated remote code execution (RCE) vulnerability affecting Arcserve Unified Data Protection (UDP) for Windows. Arcserve UDP is a centralized backup and disaster recovery solution. By exploiting this RCE vulnerability, threat actors may be able to gain unauthorized access to sensitive data, install malware, or launch other types of attacks from infected devices.

We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.

According to the Verizon 2023 Data Breach Investigations Report, basic web application attacks, which consist largely of leveraging vulnerabilities and stolen credentials to get access to an organization’s assets, are the most prevalent pattern of attack against the financial services sector.

Software vulnerabilities are the most significant security risks organizations face today, and several critical vulnerabilities have been identified in 2023, including Apache Superset, Papercut, and MOVEit SQL Injection vulnerabilities. In the first quarter of 2023, AppTrana detected 24,000 vulnerabilities across 1,400+ sites.

Jackson National Life Insurance is based in Lansing, Michigan, and was founded in 1961. This insurance and annuities company offers retail brokerage services and offers asset management services to its customers. Nearly 3,000 people are employed by the company, and it has an annual revenue of $14.4 billion. This large-scale insurance company is just one of the many recent organizations to be hurt by the MOVEit file transfer service breaches.

Twenty-five percent: Any idea what this percentage is referring to? Let’s take some wild guesses: A five-year CAGR of your investments? Your yearly salary hike? If any of your guesses were remotely close to these happy responses, we’re sorry to break your heart! This percentage depicts the rise in the number of identified vulnerabilities in 2022 over the previous year. 2022 saw an alarming spike of 25% in identified vulnerabilities, the count rising to 25,227 from 20,171 previously.

The zero-day vulnerability in Progress Software's MOVEit Transfer product is being exploited by the Clop ransomware gang and other copycat cybercriminal groups to expedite the theft of sensitive data from customer databases. To protect your organization from compromise, follow the recommended response actions in this blog. Learn how UpGuard streamlines Vendor Risk Management >

Continuous integration (CI) and continuous delivery (CD) has become a ubiquitous practice for DevOps teams. The CI/CD process focuses on building and deploying new applications or releasing updates to already-deployed workloads. As a result, most CI/CD efforts focus on enhancing development speeds. However, CI/CD practices can accomplish much more than enabling workload deployments.