Week in review: Popular npm package hijacked, zero trust security key tenets, wildcard certificate risks
2021-10-31 09:00

Apple fixes security feature bypass in macOS
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection bypass in macOS, and CVE-2021-30883, an iOS flaw that's actively exploited by attackers.

Good security habits: Leveraging the science behind how humans develop habits
In this interview with Help Net Security, George Finney, CSO at Southern Methodist University, explains what good security habits are, how to successfully implement them and why they are important.

Network and IoT security in a zero trust security model
You can never be too careful when it comes to network and IoT security.

The dangers behind wildcard certificates: What enterprises need to know
Before IT leaders can truly respond to and mitigate wildcard certificate security risks, and manage wildcard certificates, it's essential to first understand what wildcard certificates are and why they are a common, flexible and helpful, but risky type of certificate.

Four key tenets of zero trust security
As cybercrime threatens businesses of all sizes, industries and locations, organizations have realized that the status quo is no longer tenable and that implementing zero trust is necessary.

The CISO's guide to third-party security management
Managing the security of your third parties is crucial, but security assessments are riddled with problems, including a lack of context, scalability and relevance.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/HNk72jcZvew/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-08-24 | CVE-2021-30892 | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X. An inherited permissions issue was addressed with additional restrictions. (local, low complexity, apple, CWE-732) | 5.5
2021-08-24 | CVE-2021-30883 | Out-of-bounds Write vulnerability in Apple products. A memory corruption issue was addressed with improved memory handling. (local, low complexity, apple, CWE-787) | 7.8