Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Read also: US and UK sanction 11 Russians in connection with Trickbot malware, Football Leaks hacker escapes jail term, and more.

Over the past several years, an increasingly fluid work environment has followed trends of modern globalization in the workplace. Leveraging cloud solutions, many companies have let go of historical limitations imposed by on-premises and local solutions. The truth is, cloud outsourcing can be a game changer, as it provides organizations with more cost effective and management friendly software, infrastructure, and computing power than would otherwise be possible.

In the ever-evolving cybersecurity landscape, the need for a comprehensive security data lake (SDL) has become important to some enterprises. Organizations face multi-vector threats that demand extensive data analysis to effectively counter them.

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in the Random Access Memory (RAM) without requiring any executable files in the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low-observable characteristics (LOC) attacks.

CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. Here we are again with another zero day affecting iMessage…

A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors could exploit in the wild.

Numerous U.S.-based companies that operate online have customers from the European Union (EU) or other parts of the European Economic Area (EEA). If your business engages with these customers, it is subject to the EU’s General Data Protection Regulation (GDPR). This extensive data privacy regulation has an impact on many U.S. entities due to its extraterritorial reach.

Under Data Encryption, the CISA Zero Trust Maturity Model v2.0 cites the criticality of “cryptographic agility” on the third (out of four) level of maturity. Cryptographic agility is the ability to change the underlying cryptographic algorithms in applications and communications channels. I believe this highlights the importance for organizations to be able to pivot their encryption algorithms to a post-quantum cryptographic world.

Cybercriminals can't ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have demonstrated a method that uses Wi-Fi signals to infer numerical passwords, and the mechanics behind it are nothing short of intriguing. Side-channel attacks often remind me of James Bond-like espionage. So does a research paper that is to appear at ACM CCS later this year.