Here’s a summary of the most interesting news, articles, and interviews from last week:
Apple has fixed a “zero-click” iMessage zero-day abused to deliver spyware (CVE-2021-30860)
Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari. These updates patch two vulnerabilities (CVE-2021-30860 and CVE-2021-30858) that have been exploited in real-world attacks.
Kali Linux 2021.3 has been released: Kali NetHunter on smartwatches, wider OpenSSL compatibility, new tools and more!
Offensive Security has released Kali Linux 2021.3, the latest version of the popular open source penetration testing platform. You can download it or upgrade to it.
Abuse of CVE-2021-40444: Researchers have found a link to previous attacks
Recent targeted attacks exploiting CVE-2021-40444, an (at that time) zero-day remote code execution vulnerability in Windows, delivered custom Cobalt Strike payloads via booby-trapped Office documents, Microsoft and Microsoft-owned RiskIQ have shared.
Microsoft Announces Passwordless Authentication Option for Consumers
After offering passwordless authentication options to enterprise customers in March 2021, Microsoft is now rolling them out to the consumer segment of its users.
Third-party cloud providers: Expanding attack surface
In this interview with Help Net Security, CyberGRX CEO Fred Kneip talks about companies’ lack of visibility into third-party risks, how to address this issue, and things to consider when choosing the right cloud provider.
Only 30% of companies use cloud services with E2E encryption for external file sharing
According to a recent survey of enterprise IT security decision makers conducted by Tresorit, the majority of companies use additional cryptography to enhance the security of cloud collaboration and file transfers, but tools with built-in end-to-end encryption are still less frequent. This privacy and security-enhancing technology is growing in popularity.
Mobile App Creation: Why Data Privacy and Compliance Need to Be at the Front
In today’s mobile app landscape, it’s imperative to provide customers with the most customized and personalized experience possible in order to edge out competitors. However, to create such a custom-made experience, you need to collect personal data. Given the criticism around large tech companies and the misuse of sensitive information, mobile app developers should prioritize data privacy and compliance.
Growth of the network security market driven by the popularity and security needs of remote work
A recent analysis of the Asia Pacific (APAC) Network Security (NWS) market by Frost & Sullivan found that increased acceptance of remote work and adoption of cloud, remote workplace, collaboration and security are driving growth.
How to Achieve Digital Dexterity, Primarily with a Hybrid Workforce
DEX is a way for employees to interact with technology features in their IT departments and workspaces. The best way to enhance DEX is to employ a Digital Experience Management (DEM) solution that helps monitor and simplify the end-user experience.
46% of all on-premises databases are vulnerable to attack and breach is expected to spread
According to Imperva’s research, 46% of all on-premises databases in the world are vulnerable to attack. A five-year longitudinal study involving nearly 27,000 scanned databases found that the average database contained 26 existing vulnerabilities.
Medical Cybersecurity: How to Prevent Patient Record Violations?
The number of data breaches affecting healthcare industry entities is increasing year by year, and 2020 was no exception. Last year, 616 data breaches reported to the US Department of Health and Human Services (DHHS) leaked / compromised 28,756,445 medical records.
Ransomware preparation is low despite executive concerns
According to a recent Deloitte poll, 86.7% of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months.
How to assess database security risks
This article will help you quantify the security level of your database on a scale of 1-10. CISOs and database administrators (DBAs) can use it to determine security maturity levels and identify steps to further improve.
The external IT infrastructure of most Fortune 500 companies is considered risky
Nearly three-quarters of Fortune 500 companies’ IT infrastructure sits outside the organization, and one-quarter of it was found to have a known vulnerability that threat actors could exploit to gain access to sensitive employee and customer data.
OSI Layer 1: The Soft Underbelly of Cybersecurity
As traditional cybersecurity solutions improve, they push cyber attackers towards alternative paths. Layer 1 (that is, the physical layer) of the OSI model is fertile ground for attacks and, effectively, the soft underbelly of cybersecurity.
The most expensive IT certification in 2021
A report on the skills and salaries of technology sector professionals reveals the true value of certification. It also identifies that the number one reason for quitting a job is lack of career growth and professional development.
Three Ways to Protect Your Organization from Cyber Attacks
Cyber attacks continue to attract attention as more companies fall victim to ransomware. Over the past year, we’ve seen some of the biggest breaches, leaks, and real attacks ever.
9 Tips for Avoiding Cloud Configuration Challenges
The recent T-Mobile breach has been reported to be the result of misconfigurations that made access points publicly accessible on the Internet. Fortunately, there are tactics that can be deployed to avoid cloud configuration breaches and prevent errors from both technology and humans.
Key to the Cloud: Unlock Digital Transformation to Strengthen National Security
According to a recent study, federal spending on cloud computing is expected to increase from $6.8 billion in 2020 to nearly $7.8 billion in 2022. As this adoption accelerates, the information environment becomes highly decentralized and flooded with duplicate information, and decision makers are constrained by limited access to reliable data, inadequate data integration between heterogeneous systems, and poor-quality data.
Essentials for digital identity
The ever-evolving transition to digital means that most of our day-to-day activities are carried out online. We’re now used to switching between several apps to book rides, order dinner, and scroll through the content of friends and celebrities. Each of these actions requires a basic premise of online trust and security. This starts with the need for identity verification and authentication.
CCSP Practice Quiz: It’s time to test your knowledge
Are you studying for the CCSP exam? The CCSP practice quiz is a great (free) learning tool that allows you to quickly identify potential knowledge gaps in each domain. The results of the quiz can improve your learning strategy so you can confidently face the questions on test day, when you are ready to take the CCSP exam.
White Paper: Cobalt Strike – Toolkit for Pen Testers
Adoption of Cobalt Strike by the cybercrime underground correlates with increased ransomware activity over the past few years. Cobalt Strike is a commercial tool used by legitimate penetration testers. However, many open source reports show that the suite is also used by state-sponsored actors and cybercriminals.
New infosec product of the week: September 17, 2021
Take a look at last week’s most interesting product releases featuring releases from Alation, IDrive, Hornetsecurity, Palo Alto Networks, Qualys, ThreatConnect, and Titania.
Week in Review: Kali Linux 2021.3, How to Avoid Cloud Configuration Breaches, Hybrid Digital Dexterity
https://www.helpnetsecurity.com/2021/09/19/week-in-review-kali-linux-2021-3-how-to-avoid-cloud-configuration-breaches-hybrid-digital-dexterity/