SecurityWeek reports that the National Institute of Standards and Technology has finalized its macOS security guidance, which has been based on the macOS Security Compliance Project and seeks to bolster mSCP awareness.
The guidance "and the mSCP GitHub site are intended for system administrators, security professionals, policy authors, privacy officers, and auditors who have responsibilities involving macOS security. Additionally, vendors of device management, security, configuration assessment, and compliance tools that support macOS may find this document and the GitHub site to be helpful," said NIST.
NIST noted that while mSCP will be independent of new macOS versions released annually, it will be updated in the event of significant modifications.
"Generally, the technical security settings in macOS do not drastically change from release to release, with only a handful of new settings being introduced. By pursuing a rules-based approach, mSCP rules that remain applicable can be reused and incorporated into guidance for the latest macOS version. This enables quicker adoption of new security features that are not offered in prior versions of macOS," NIST added.
CyberScoop reports that millions of files that may have sensitive information have been exposed by 314,000 internet-connected devices and servers with open directory listings, indicating potential significant exploitation.
Nearly 12,000 internet-facing Juniper firewall devices were discovered by VulnCheck to be impacted by a new medium-severity remote code execution vulnerability, which could be exploited to facilitate the execution of arbitrary code without the need to create a file, The Hacker News reports.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news