Here’s an overview of some of last week’s most interesting news, articles and interviews:
Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)
Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild.
Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!
Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.
CVE-2021-40444 exploitation: Researchers find connections to previous attacks
The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared.
Microsoft announces passwordless authentication option for consumers
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users.
Third-party cloud providers: Expanding the attack surface
In this interview with Help Net Security, Fred Kneip, CEO at CyberGRX, talks about the lack of visibility into third-party risk, how to address this issue, and what companies should consider when choosing the right cloud provider.
Only 30% of enterprises use cloud services with E2E encryption for external file sharing
A recent study of enterprise IT security decision makers conducted by Tresorit shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology.
Mobile app creation: Why data privacy and compliance should be at the forefront
In today’s mobile app landscape, providing customers with the most tailored and personal experience possible is essential to edging out competitors. But creating such a custom-made experience requires collecting personal data – and when considering the criticism massive tech companies are garnering for their misuse of sensitive information – mobile app developers must prioritize data privacy and compliance.
Network security market growth driven by remote work popularity and security needs
Frost & Sullivan’s recent analysis of the Asia-Pacific (APAC) network security (NWS) market finds that the increasing acceptance of remote work and adoption of cloud, the remote workplace, collaboration, and security are driving growth.
How to achieve digital dexterity with a predominantly hybrid workforce
DEX is the way employees interact with the IT department and any technology capabilities within their workspace. The best way to enhance DEX is by adopting a digital experience management (DEM) solution that can help monitor and simplify the end-user experience.
46% of all on-prem databases are vulnerable to attack, breaches expected to grow
46% of all on-prem databases globally are vulnerable to attack, according to a research by Imperva. A five-year longitudinal study comprising nearly 27,000 scanned databases discovered that the average database contains 26 existing vulnerabilities.
Healthcare cybersecurity: How to prevent the compromise of patient records?
Year after year, the number of data breaches affecting entities in the healthcare industry rises, and 2020 was no exception. The 616 data breaches reported this past year to the US Department of Health & Human Services (DHHS) have resulted in the exposure / compromise of 28,756,445 healthcare records.
Ransomware preparedness is low despite executives’ concerns
86.7% of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll.
How to evaluate the security risk of your databases
This article can help you quantify the level of security of your databases on a scale of 1 to 10. CISOs and database administrators (DBAs) can use it to determine their security maturity level and identify steps to improve it further.
Most Fortune 500 companies’ external IT infrastructure considered at risk
Nearly three quarters of Fortune 500 companies’ IT infrastructure exists outside their organization, a quarter of which was found to have a known vulnerability that threat actors could infiltrate to access sensitive employee or customer data, a Cyberpion research reveals.
OSI Layer 1: The soft underbelly of cybersecurity
As traditional cybersecurity solutions improve, they push cyberattackers toward alternative paths. Layer 1 of the OSI model (i.e., the physical layer) has become a fertile ground for attacks and, effectively, the soft underbelly of cybersecurity.
Highest paying IT certifications in 2021
A report on the skills and salaries of professionals in the technology sector reveals the true value of certification. It also identifies the number one reason for leaving a job is a lack of career growth and professional development.
Three ways to keep your organization safe from cyberattacks
Cyberattacks continue making headlines as more companies fall victim to ransomware. Throughout the past year, we saw some of the largest breaches, leaks, and real-world attacks to date.
9 tips to avoid cloud configuration conundrums
The recent T-Mobile breach is reported to be the result of a misconfiguration that made an access point publicly accessible on the internet. Luckily, there are tactics one can deploy to avoid cloud configuration breaches and prevent error from both technology and humans.
Keys to the cloud: Unlocking digital transformation to enhance national security
According to recent research, federal spending on cloud computing is anticipated to grow from $6.8 billion in 2020 to nearly $7.8 billion in 2022. As this adoption accelerates, the information environment remains highly distributed and riddled with duplicative information, hindering decision makers with limited access to authoritative data, poor data integration across disparate systems, and low-quality data.
The digital identity imperative
The ever-evolving shift to digital means that most of our day-to-day activities are carried out online. We’re now accustomed to simply toggling through a few apps to book a ride, order dinner and scroll through content from friends and public figures alike. Each of these actions requires a basic premise of trust and safety online which starts with identities needing to be verified and authenticated.
CCSP practice quiz: It’s time to test your knowledge
Studying for the CCSP exam? The CCSP practice quiz is a great (FREE) study tool that allows you to quickly identify any knowledge gaps you might have in each domain. Your quiz results will allow you to refine your study strategy, so you can show up on test day ready to take the CCSP exam with confidence.
Whitepaper: Cobalt Strike – a toolkit for pentesters
The cybercrime underground’s adoption of Cobalt Strike correlates with the rise in ransomware activity over the past few years. Cobalt Strike is a commercial tool used by legitimate penetration testers. However, many open source reports show the suite also is used by state-sponsored actors and cybercriminals.
New infosec products of the week: September 17, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from Alation, IDrive, Hornetsecurity, Palo Alto Networks, Qualys, ThreatConnect and Titania.