Here’s an overview of some of last week’s most interesting news, articles and interviews:
A new zero-day is being exploited to compromise Macs (CVE-2021-30869)
Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12.
Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)
VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005.
A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)
Apache OpenOffice, one of the most popular open-source office productivity software suites, has an RCE vulnerability (CVE-2021-33035) that could be triggered via a specially crafted document.
Nagios XI vulnerabilities open enterprise IT infrastructure to attack
Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to allow remote code execution with root privileges on the underlying system.
US agricultural co-op hit by ransomware, expects food supply chain disruption
New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soy farmers, has been hit by the BlackMatter ransomware group. The attackers are asking the co-op to pay $5,900,000 for the decryption key and not to release the stolen data.
OWASP Top 10 2021: The most serious web application security risks
The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk.
Securing Kubernetes as it becomes mainstream
In this interview with Help Net Security, Shauli Rozen, CEO at ARMO, talks about securing Kubernetes (K8s) systems, what makes them susceptible to cyberattacks and what organizations should expect when deploying them.
Cloud and online backups increasing in popularity, but tape usage remains
15% of organizations are still using a combination of disk and tape backups, while 51% now use online or cloud backups, research by Databarracks has revealed.
What businesses need to know about data decay
Data decay is the aging and obsolescence of data in such a way that it is no longer usable due to loss of its integrity, completeness and accuracy. Data that can no longer be easily understood cannot be effectively leveraged and, therefore, lacks value.
Tech pros reporting a positive perception of their roles, looking forward to what lies ahead
Amidst ongoing pandemic-driven change at work and at home, a SolarWinds survey seeks to understand how tech pros feel about their daily roles and responsibilities, the lessons they learned over the past year, and what they think of the primary technical and nontechnical skills needed to capitalize on opportunities for their future career growth.
The complexities of vulnerability remediation and proactive patching
In this interview with Help Net Security, Eran Livne, Director, Product Management, Endpoint Remediation at Qualys, discusses vulnerability remediation complexity, the challenges related to proactive patching, as well as Qualys Patch Management.
Ransomware still a primary threat as cybercriminals evolve tactics
Ransomware remained the primary threat in the first half of the year as cybercriminals continued to target big-name victims. Working with third parties to gain access to targeted networks, they used advanced persistent threat (APT) tools and techniques to steal and encrypt victims’ data.
How to retain the best talent in a competitive cybersecurity market
We are currently experiencing The Great Resignation, where millions of people are leaving their jobs in search of increased satisfaction. The global pandemic gave many the time to think about what work means to them, their contributions to the industry and the organization they are a part of, how they spend their time, and most importantly, how a career may fulfill their lives.
Zero trust security solutions widely adopted, spurred by surge in ransomware
Over a decade after the zero trust security concept was first introduced, Ericom’s survey results indicate that zero trust solutions are being widely adopted.
How do I select a data privacy management solution for my business?
To select a suitable data privacy management solution for your business, you need to think about a variety of factors. We’ve talked to several industry professionals to get their insight on the topic.
Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings
Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching consequences, allowing threat actors to access an abundance of valuable, personal information and use it to their advantage.
Leveraging AI and automation to identify sensitive data at scale
In this interview with Help Net Security, Apoorv Agarwal, CEO at Text IQ, talks about the risk of unstructured data for organizations and the opportunity to leverage AI and automation to identify sensitive data at scale.
We cannot afford for healthcare security to be the “lowest-hanging fruit”
Healthcare organizations have never been more essential. Yet when it comes to cybersecurity, too many hospitals, medical groups and research centers lag far behind other critical industries.
Automation is not here to close the cybersecurity skills shortage gap, but it can help
In this interview with Help Net Security, Daniel Clayton, VP Global Security Services and Support at Bitdefender, talks about the cybersecurity skills shortage gap and the role of automation in improving the work of cybersecurity professionals.
How to protect the corporate network from spyware
It used to be easy for network administrators to identify where corporate boundaries are; they were usually where the external and internal networks meet. That made it easy for administrators to know where to place a firewall to keep the internal network safe. Nowadays, how does one separate employees’ smartphones from the corporate network when they are used for multi-factor authentication and reading work emails? The internal to external network boundaries have become blurry.
Protecting IoT devices requires a DNS-based solution
IoT devices are fast becoming an everyday part of our lives. Whether it be in the role they play in manufacturing and industry or powering the appliances in our own homes, it’s clear that IoT devices provide new and efficient ways of working and living.
Policy and patience key in Biden’s cybersecurity battle
Last month, President Biden hosted a group of technology and insurance executives to build support for a “whole-of-nation effort” to improve cybersecurity. The executive summit was one of a series of steps the Biden administration has taken to try to stem the tide of criminal activity targeting the nation’s public and private computer networks.
The evolution of DRaaS
When it comes to protecting critical information and achieving the ability to recover following a disruptive event such as a natural disaster, power outage, technical failure, or cyber incident, the methods and innovations of recovery have evolved to meet the demands of modern business and customers. One of these more recent evolutions in the umbrella of business continuity is Disaster Recovery as a Service (DRaaS).
Implementing risk quantification into an existing GRC program
With a myriad of risks and limited security budgets, how do organizations decide which projects to prioritize? Many governance, risk management and compliance (GRC) professionals believe risk quantification is the answer. Because risk-free operations don’t exist, risk quantification isn’t merely desirable — it’s necessary. And it plays an essential role in every business decision and risk type.
How do you measure the impact of security? Find out at SecTalks 2021
How are businesses learning, collaborating, and applying industry best practices? The half-day SecTalks 2021 virtual cybersecurity conference will look at how to quantify security ROI, major vulnerabilities and threats, and proven strategies to evolve, improve and level up.
New infosec products of the week: September 24, 2021
Here’s a look at the most interesting product releases from the past week, featuring releases from CoSoSys, Druva, McAfee, Nutanix and Stairwell.