March 1, 2024 at 11:21AM
SecurityWeek’s cybersecurity news roundup compiles key developments in the industry, offering insight into critical vulnerabilities, policy changes, and industry reports. This week’s stories include Apple’s EU user security efforts, a macOS API bug, Intel’s vulnerability patching, CISA’s guide for university cybersecurity clinics, NSO’s court order, and China’s data security plan. Other notable topics include malware on PCs, hacked Anycubic 3D printers, and various cyber threats.
From the provided meeting notes, here are the key takeaways:
– Apple has outlined its efforts to protect user security and privacy in the EU to comply with the Digital Markets Act, including implementing app notarization and additional malware protections in an upcoming iOS update.
– A researcher has found a macOS API bug related to scanning binaries for malicious code, which could allow malware to go undetected.
– Intel patched 353 vulnerabilities in 2023, and CISA published a resource guide for university cybersecurity clinics to address the cyber workforce gap.
– NSO Group has been ordered to hand over spyware used against WhatsApp customers, and China has announced a three-year plan to boost data security in the industrial sector.
– Malware has been found on new PCs shipped by Chinese company Acemagic, and Anycubic 3D printers have been reportedly hacked, displaying messages about a critical vulnerability.
– Brian Krebs reported on Calendly meeting links being used to deliver malware to macOS systems, and an open redirect vulnerability associated with Google Web Light has been actively exploited.
– Semperis disclosed the details of Silver SAML, a new technique that could pose a severe risk for some organizations, although there is no current evidence of malicious exploitation.
These are the main highlights from the cybersecurity news roundup provided. Let me know if you need any further details or analysis on specific topics.