What was once the thing of spy movies and industrial espionage news headlines is now, sadly, a common occurrence for public organizations and private enterprises around the globe. Insiders… employees, consultants, partners… have emerged as one of the most immediate and serious threats facing IT and cyber security teams and practitioners today. It is not however because every insider has turned malicious.

“Say ‘Ta,’” said Mamma Bear. “Ta,” said Baby Bear. He then dropped the mug of blackcurrant juice by accident. “What have you done?” exclaimed Daddy Bear. “The carpet is RUINED!!” Baby Bear felt a great sense of something disturbing, and this wasn’t a thousand voices suddenly being silenced. This was much deeper. This hurt, and Daddy Bear’s face was angry, disappointed. He was panicking about some purple stuff on the carpet.

At FORESIET, our goal has always been to protect companies from the risks brought by cyber attacks. Time is of the essence when it comes to cybersecurity, that’s why we put our best efforts to ensure that our clients don’t waste any. Because of our one-of-a-kind relationship with our clients, we’ve been recognized by The Manifest as India’s most recommended cybersecurity company for 2021! As a growing company, this big recognition means a lot to us.

Five worthy reads is a regular column on five noteworthy items we have discovered while researching trending and timeless topics. This week, we explore decentralized identity, aka self-sovereign identity.

Following on from Brexit, the UK received a positive adequacy decision on its personal data security standards by the EU. Building on this, the UK’s Information Commissioner's Office (ICO) has opened a consultation period to introduce its new International Data Transfer Agreement (IDTA). The European Commission has also issued a draft update addressing the same thing. So what triggered this new work? It’s all in response to the work done by privacy activist Max Schrems.

When we asked the security community who is their hacker hero, it was unsurprising to see that Eva Galperin, Director of Cybersecurity at EFF and co-founder of the Coalition Against Stalkerware was a finalist on the list. Galperin is a hacktivist known for her rage tweets that help her fight the good fight to protect vulnerable groups being targeted. Most known for her work to track down APTs, she also champions personal privacy and taking down stalkerware. Oh and she’s done a TED talk.

CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to access files & directories outside of the volume, including the host filesystem. It was disclosed in September 2021 and affects kubelet, which is the node agent that runs on each Kubernetes node. In particular CVE-2021-25741 affects kubelet in these Kubernetes versions.

Most organizations understand the critical role that cybersecurity solutions play in protecting their environment. However, the abundance of available tools that claim to serve that need are leaving them unsure they're actually protected against today's sophisticated threats.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Complex features require a little more care and understanding. If unsure I would advise disabling them and looking at the documentation – that is assuming such features have correct documentation!.

In cybersecurity, an attack vector is a method of gaining unauthorized access to a private network. These pathways are either unintentional, such as vulnerabilities in third-party software, or intentionally designed by hackers, such as malicious software (malware). Cybercriminals primarily exploit attack vectors to advance extorsion tactics, the most popular being the deployment of ransomware.