Review of the week: Kali Linux 2021.3, how to avoid cloud configuration flaws, hybrid digital dexterity


Here’s a look at some of the most interesting news, articles and interviews from the past week:

Apple fixes iMessage zero-day exploited to distribute spyware (CVE-2021-30860)
Apple has released security updates for macOS, iOS, iPadOS, watchOS, and Safari that fix two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild.

Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools and more!
Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

CVE-2021-40444 exploitation: researchers discover links to previous attacks
Recent targeted attacks exploiting the (then) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents delivered custom Cobalt Strike payloads, according to Microsoft and Microsoft-owned RiskIQ.

Microsoft announces passwordless authentication option for consumers
After offering the passwordless authentication option to corporate customers in March 2021, Microsoft has now started rolling it out to its consumer user segment.

Third-party cloud providers: expanding the attack surface
In this interview with Help Net Security, Fred Kneip, CEO of CyberGRX, talks about the lack of visibility into third-party risks, how to solve this problem, and what companies should consider when choosing the right cloud provider.

Only 30% of businesses use cloud services with E2E encryption for external file sharing
A recent study of corporate IT security decision makers conducted by Tresorit shows that the majority of companies use additional encryption methods to enhance the security of cloud collaboration and file transfer. However, tools with built-in end-to-end encryption are still less common, despite the growing popularity of this privacy and security enhancing technology.

Building mobile apps: why data privacy and compliance should be at the forefront
In today’s mobile app landscape, providing customers with the most tailored and personalized experience possible is essential to stay ahead of the competition. But creating such a bespoke experience requires the collection of personal data, and given the criticism big tech companies are drawing for their misuse of sensitive information, mobile app developers need to prioritize data privacy and compliance.

Growing Network Security Market Driven By Popularity Of Remote Work And Security Needs
Recent analysis by Frost & Sullivan of the Asia-Pacific (APAC) Network Security (NWS) market reveals that the growing acceptance of remote work and the adoption of cloud, remote workplace, collaboration and security are driving growth.

How to achieve digital dexterity with a predominantly hybrid workforce
DEX is the way employees interact with IT and all technology capabilities within their workspace. The best way to improve DEX is to adopt a digital experience management (DEM) solution that can help monitor and simplify the end-user experience.

46% of all on-premises databases are vulnerable to attack, breaches expected to increase
46% of all on-premises databases worldwide are vulnerable to attack, according to an Imperva study. A five-year longitudinal study comprising almost 27,000 scanned databases found that the average database contains 26 existing vulnerabilities.

Health cybersecurity: How to avoid the compromise of patient records?
Year after year, the number of data breaches affecting entities in the healthcare sector is increasing and 2020 is no exception. The 616 data breaches reported last year to the US Department of Health and Human Services (DHHS) resulted in the exposure / compromise of 28,756,445 health records.

Ransomware preparedness low despite concerns from executives
86.7% of executives and other leaders say they expect an increase in the number of cyber attacks targeting their organizations over the next 12 months, according to a recent Deloitte survey.

How to assess the security risk of your databases
This article can help you quantify the level of security of your databases on a scale of 1 to 10. CISOs and Database Administrators (DBAs) can use it to determine their level of security maturity and identify steps to improve it further.

The external IT infrastructure of most Fortune 500 companies is considered at risk
Nearly three-quarters of Fortune 500 companies’ IT infrastructure exists outside their organization, a quarter of which had a known vulnerability that threat actors could exploit to gain access to sensitive employee or customer data, according to a study by Cyberpion.

OSI Layer 1: The soft underbelly of cybersecurity
As traditional cybersecurity solutions improve, they push cyber attackers into alternative avenues. Layer 1 of the OSI model (i.e. the physical layer) has become a breeding ground for attacks and, indeed, the soft underbelly of cybersecurity.

The highest paying IT certifications in 2021
A report on the skills and salaries of professionals in the technology sector reveals the true value of certification. It also identifies a lack of career growth and professional development as the number one reason for leaving a job.

Three ways to protect your organization from cyber attacks
Cyber attacks continue to grab the headlines as more businesses fall victim to ransomware. Over the past year, we’ve witnessed some of the biggest real-world breaches, leaks, and attacks to date.

9 tips for avoiding cloud setup puzzles
T-Mobile’s recent breach is believed to be the result of a misconfiguration that made an access point publicly available on the Internet. Fortunately, there are tactics one can deploy to avoid cloud configuration breaches and prevent technological and human errors.

Keys to the Cloud: Unlocking Digital Transformation to Strengthen National Security
According to recent research, federal cloud computing spending is expected to grow from $6.8 billion in 2020 to nearly $7.8 billion in 2022. As this adoption accelerates, the information environment remains heavily distributed and riddled with duplicate information, hampering decision makers with limited access to authoritative data, poor data integration between disparate systems, and poor quality data.

The digital identity imperative
The ever-evolving digital switchover means that most of our day-to-day business is done online. We’re now used to just switching between a few apps to book a ride, order dinner, and scroll through content from friends and public figures. Each of these actions requires a basic premise of online trust and security that begins with identities that need to be verified and authenticated.

CCSP practice quiz: time to test your knowledge
Studying for the CCSP exam? The CCSP Practice Quiz is a great (FREE) study tool that allows you to quickly identify any knowledge gaps you may have in each area. Your quiz results will help you refine your study strategy, so you can show up on test day ready to take the CCSP exam with confidence.

White Paper: Cobalt Strike – A Toolkit for Pentesters
The adoption of Cobalt Strike by the cybercrime underground correlates with the increase in ransomware activity in recent years. Cobalt Strike is a commercial tool used by legitimate penetration testers. However, numerous open source reports show that the suite is also used by state-sponsored actors and cybercriminals.

New infosec products of the week: September 17, 2021
Here’s a look at some of the more interesting product releases from the past week, with releases from Alation, IDrive, Hornetsecurity, Palo Alto Networks, Qualys, ThreatConnect, and Titania.
