Kaseya supply chain/ransomware cyberattack continues

Views expressed in this cyber security news summary are those of the reporters and correspondents.

Accessed on 29 July 2021, 0612 UTC.

Content supplied by “Cyber Security.”

Source (email subscription to “Cyber Security”):


Please click link or scroll down to read your selections.

Cyber Security



The big takeaway from the Kaseya supply chain/ransomware cyberattack
While the Kaseya, SolarWinds and other cyberattacks and global disruptors may appear dissimilar, having wildly varying causes and impacts, there is strategic value in considering them – and the supply chains they spread across – as a collective. Together, they represent a rapid learning opportunity for both adversaries and defenders – an open-source global weapons development program.
New bugs could let attackers hijack Zimbra server
SonarSource cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra – email collaboration software used by global enterprises – that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure.
Apple patches zero-day vulnerability in iOS, iPadOS and macOS
Apple has released security updates to address zero-day vulnerability exploited in the wild, impacting iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2021-30807, is a memory corruption issue in the IOMobileFramebuffer kernel extension reported by an anonymous researcher, BleepingComputer reports.
Google launches bug hunters community
To celebrate the anniversary of its Vulnerability Reward Program and ensure the next 10 years are just as successful and collaborative, Google announced the launch of its new platform, bughunters.google.com. The new site brings all VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues.


Cloud incident response demands cloud native capabilities
In today’s business environment security is a fundamentally functional and non-functional requirement and cannot be an afterthought where issues are chased after systems are operational. That’s why it’s vital that best practices be implemented by companies from the onset of any cloud migration strategy: backed by a robust and real-time capability to plan, investigate, and respond to all security
Data privacy in the era of COVID-19 vaccine rollouts
Organizations are also navigating an increasingly complex regulatory landscape where failure to comply can and has led to costly fines, a damaged corporate reputation, and lost business opportunities. Data has truly proven to be an invaluable asset, but also an unbounded risk if not properly managed.
More than one in three organizations say that they are experiencing more cyberattacks
Ransomware attacks have been increasingly in the headlines—and reaching historic levels of impact with the recent Colonial Pipeline and Kaseya attacks. Findings from the State of Cybersecurity 2021, Part 2 survey report from ISACA in partnership with HCL Technologies show that 35% of respondents report that their enterprises are experiencing more cyberattacks, three percentage points higher than l