SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Apple outlines EU user security and privacy efforts
Apple has published a 32-page document describing its efforts to protect user security and privacy in the European Union to comply with the Digital Markets Act (DMA). In an upcoming iOS update, Apple is implementing app notarization, app installation sheets, marketplace developer authorization, and additional malware protections.
macOS API bug could allow malware to go undetected
Patrick Wardle, a researcher specializing in Apple security, has found a macOS API bug related to scanning binaries for malicious code. The bug could allow malware to avoid being scanned.
Intel patched 353 vulnerabilities in 2023
Intel’s 2023 Product Security Report reveals that the company patched 353 vulnerabilities last year. Unlike the previous year, when it announced paying out nearly $1 million in bug bounties, Intel did not make any bug bounty amounts public in the 2023 report.
CISA resource guide for university cybersecurity clinics
CISA has published a resource guide for university cybersecurity clinics, which train students to strengthen the cyber defenses of under-resourced organizations such as nonprofits, hospitals, small businesses and municipalities. These clinics can help address the cyber workforce gap.
NSO ordered to hand over spyware to WhatsApp
In the lawsuit filed by WhatsApp against Israeli spyware maker NSO Group, a court has ordered NSO to hand over spyware used against WhatsApp customers, as well as information on its functionality. The spyware vendor will not have to name any of its clients or provide information on its server architecture.
China to boost data security in industrial sector
China’s Ministry of Industry and Information Technology has unveiled a three-year plan to boost the protection of data belonging to organizations in the industrial sector. The government has outlined 11 tasks related to protecting data, regulating data security, and supporting the data security industry. Mirroring the West, China is working on replacing hardware and software made by Western companies with local alternatives, partly due to hacking concerns.
Malware found on PCs made by Chinese firm Acemagic
Various pieces of malware were discovered recently on new PCs shipped by Chinese company Acemagic. The firm has confirmed reports of malware being found on its products, but its explanation, which cites boot time improvements, source code changes, and digital certificates, is confusing. Impacted device owners will allegedly be refunded.
Anycubic 3D printers hacked
Many owners of Anycubic 3D printers reported that their devices had been hacked to display a message informing them about a critical vulnerability. The message may have been sent to millions of printers. The vendor said it was investigating the issue.
Calendar meeting links spread Mac malware
Brian Krebs has a story on Calendly meeting links being used to deliver malware to macOS systems. Krebs learned about the attacks from someone in the cryptocurrency industry. Previous reports described similar attacks linked to North Korean threat actors.
Google open redirect vulnerability exploited in the wild
A researcher has disclosed the details of an actively exploited open redirect vulnerability impacting a Google domain. The domain in question is associated with Google Web Light, which the tech giant retired in late 2022. However, some functionality is still active and it has reportedly been abused for phishing attacks. Google’s bug bounty program does not cover open redirect vulnerabilities and the flaw reportedly remains unpatched.
New Silver SAML attack technique
Semperis has disclosed the details of Silver SAML, a new technique that enables the exploitation of SAML to launch attacks against applications such as Salesforce. There is no evidence of malicious exploitation and the risk to most organizations is moderate, but a similar technique, Golden SAML, was exploited in the 2020 SolarWinds attack, and Silver SAML could pose a severe risk for some organizations.