Week in review: Kali Linux 2021.3, how to avoid cloud configuration breaches, hybrid digital dexterity


Here’s an overview of some of last week’s most interesting news, articles and interviews:

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)
Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in attacks in the wild.

Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!
Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it.

CVE-2021-40444 exploitation: Researchers find connections to previous attacks
The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been delivering custom Cobalt Strike payloads, Microsoft and Microsoft-owned RiskIQ have shared.

Microsoft announces passwordless authentication option for consumers
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users.

Third-party cloud providers: Expanding the attack surface
In this interview with Help Net Security, Fred Kneip, CEO at CyberGRX, talks about the lack of visibility into third-party risk, how to address this issue, and what companies should consider when choosing the right cloud provider.

Only 30% of enterprises use cloud services with E2E encryption for external file sharing
A recent study of enterprise IT security decision makers conducted by Tresorit shows that majority of enterprises use additional encryption methods to boost the security of cloud collaboration and file transfer, however, tools with built-in end-to-end encryption are still less frequent despite the growing popularity of this privacy and security enhancing technology.

Mobile app creation: Why data privacy and compliance should be at the forefront
In today’s mobile app landscape, providing customers with the most tailored and personal experience possible is essential to edging out competitors….

Source…