
Linux kernel security uproar: What some people missed
2021-04-27 11:47

Recently the Linux kernel community was aflame due to efforts by researchers at the University of Minnesota to intentionally torpedo Linux security by submitting faulty patches. Organizations of all sizes have depended upon Linux for performance and security for decades; in fact, those same organizations depend upon a wide array of open source, generally.

Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses
2021-04-27 11:45

Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021-30657 and patched in macOS 11.3, an update dropped by Apple on Monday.

CISA, NIST Provide New Resource on Software Supply Chain Attacks
2021-04-27 11:39

The software supply chain is part of the information and communications technology supply chain framework, which represents "The network of retailers, distributors, and suppliers that participate in the sale, delivery, and production of hardware, software, and managed services," CISA and NIST explain. Aside from the SolarWinds incident, other notorious supply chain attacks over the past several years include the CCleaner malware campaign, the MeDoc compromise leading to NotPetya, Operation ShadowHammer, the infection of IoT devices running Windows 7, and the abuse of Kaspersky Lab software to steal NSA files.

Apple Patches macOS Security Bypass Vulnerability Exploited by 'Shlayer' Malware
2021-04-27 11:13

Apple has patched a serious security bypass vulnerability in macOS that has been exploited in the wild by at least one threat group. The Big Sur update fixes nearly 60 security holes, including a logic issue tracked as CVE-2021-30657 that, Apple says, can allow a malicious application to bypass Gatekeeper checks.

DC Police Department Hit by Apparent Extortion Attack
2021-04-27 10:28

The Washington, D.C., police department said Monday that its computer network was breached, and a Russian-speaking ransomware syndicate claimed to have stolen sensitive data, including on informants, that it threatened to share with local criminal gangs unless police paid an unspecified ransom. The District of Columbia's Metropolitan Police Department said in a statement that it had asked the FBI to investigate the "Unauthorized access." There was no indication that any police operations were affected, and the department did not immediately say whether it had been hit by ransomware.

Apple patches macOS zero-day exploited by malware for months (CVE-2021-30657)
2021-04-27 10:19

Apple has patched a critical macOS zero-day that has been exploited by Shlayer malware for months, and has finally introduced and enabled the App Tracking Transparency feature and policy in iOS, iPadOS and tvOS. Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper, the macOS security feature that verifies downloaded applications before allowing them to run, and that also bypasses the File Quarantine and Application Notarization protections.

Thoma Bravo to acquire Proofpoint in a $12.3B transaction
2021-04-27 08:48

Proofpoint announced that it has entered into a definitive agreement to be acquired by Thoma Bravo in an all-cash transaction that values Proofpoint at approximately $12.3 billion. Under the terms of the agreement, Proofpoint shareholders will receive $176.00 per share in cash, representing a premium of approximately 34 percent over Proofpoint's closing share price on April 23, 2021, the last full trading day prior to the transaction announcement, and a premium of approximately 36 percent over Proofpoint's three-month volume-weighted average closing share price through April 23, 2021.

Patched Exchange to head off Hafnium? You might only be halfway to safety
2021-04-27 07:00

If you're running Microsoft Exchange anywhere in your organisation and you're not extremely concerned about the threat from Hafnium, you haven't been paying attention this year. The Hafnium name refers both to the allegedly Chinese government-linked group that has emerged as the main driver behind a wave of attacks exploiting zero-day vulnerabilities in multiple versions of Exchange, and to the exploits and malware they are using to gain free rein over your systems.

Organizations can no longer afford to overlook encrypted traffic
2021-04-27 05:20

Whether you're a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic entering and leaving can be a costly mistake, as cybercriminals are increasingly using TLS in their attacks. "A large portion of the growth in overall TLS use by malware can be linked in part to the increased use of legitimate web and cloud services protected by TLS (such as Discord, Pastebin, Github and Google's cloud services) as repositories for malware components, as destinations for stolen data, and even to send commands to botnets and other malware," noted Sean Gallagher, Senior Threat Researcher at Sophos.

Attackers can teach you to defend your organization against phishing
2021-04-27 05:10

Using the kill chain to assess how an attacker would approach your organization makes it easier to understand which steps, at a minimum, would need to be taken by an arbitrary attacker to succeed in a phishing attack against your company. Phishing is usually thought of as only occurring during the "Delivery" phase of an attack.