Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks

Here’s an overview of some of last week’s most interesting news, articles and interviews:

Apple fixes security feature bypass in macOS (CVE-2021-30892)
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection (SIP) bypass in macOS, and CVE-2021-30883, an iOS flaw that’s actively exploited by attackers.

SolarWinds hackers are going after cloud, managed and IT service providers
Nobelium, the advanced, persistent threat (APT) actor behind the 2020 SolarWinds supply chain attack that served as a springboard for breaching a variety of high-level targets, is targeting organizations via their various service providers.

Popular npm package hijacked, modified to deliver cryptominers
Several versions of the npm package for UA-parser.js, a widely used JavaScript library, have been modified to include malicious code and have been made available for download.

MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party…
