Security News

An "Aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "Improper SQL command neutralization" flaw in the SSL-VPN SMA100 product that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers said.

SaaS Security Posture Management takes an automated approach to tracking, and even remediating, the exploitable misconfigurations in organizations' SaaS apps. It's unfortunate but true: SaaS attacks continue to increase.

Digital Ocean on Wednesday said someone was able to snoop on some of its cloud subscribers' billing information via a now-patched vulnerability. In an email to affected customers seen by The Register - and full disclosure, your Register vulture is a customer - the rent-a-server biz said that two days ago it confirmed a miscreant had gained unauthorized access to some people's account records.

The latest update to Apple's Big Sur includes critical security patches, which is why Cory Bohon advises upgrading your macOS devices now. Apple released macOS 11.3 on April 26, 2021 to the public.

"An unsigned, unnotarized, script-based proof of concept application could trivially and reliably sidestep all of macOS's relevant security mechanisms, even on a fully patched M1 macOS system," security researcher Patrick Wardle explained in a write-up. "Armed with such a capability macOS malware authors could returning to their proven methods of targeting and infecting macOS users."

"Gathered from over 285 million real-world endpoints and sensors, and leveraging the extensive BrightCloud network of industry-leading partners, this year's Threat Report clearly shows how cybercriminals are willing and able to evolve their tactics to exploit collective human interest and current events," said Prentiss Donohue, EVP, SMB/C Sales, OpenText. One of which, %appdata%, saw the infection rate jump 59.2% YoY. Consumer devices saw twice as many malware infections when compared to business devices.

The U.S. Cybersecurity and Infrastructure Security Agency has disclosed details of a new advanced persistent threat that's leveraging the Supernova backdoor to compromise SolarWinds Orion installations after gaining access to the network through a connection to a Pulse Secure VPN device. "The threat actor connected to the entity's network via a Pulse Secure virtual private network appliance, moved laterally to its SolarWinds Orion server, installed malware referred to by security researchers as SUPERNOVA, and collected credentials," the agency said on Thursday.

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted.

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild. "The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."

If Pulse Connect Secure gateway is part of your organization network, you need to be aware of a newly discovered critical zero-day authentication bypass vulnerability that is currently being exploited in the wild and for which there is no patch available yet. At least two threat actors have been behind a series of intrusions targeting defense, government, and financial organizations in the U.S. and elsewhere by leveraging critical vulnerabilities in Pulse Secure VPN devices to circumvent multi-factor authentication protections and breach enterprise networks.