Security News

A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.

The latest update to Apple's Big Sur includes critical security patches, which is why Cory Bohon advises upgrading your macOS devices now. Apple released macOS 11.3 on April 26, 2021 to the public.

Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021-30657 and patched in macOS 11.3, an update dropped by Apple on Monday.

Apple has patched a critical macOS zero-day that has been exploited by Shlayer malware for months and has finally introduced/enabled the App Tracking Transparency feature and policy in iOS, iPadOS and tvOS. A zero-day exploited by malware peddlers. Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper, the macOS's security feature that verifies downloaded applications before allowing them to run, and bypasses File Quarantine and Application Notarization protections as well.

Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. The Jamf Protect detection team discovered that starting January 2021, the Shlayer threat actors created unsigned and unnotarized Shlayer samples have begun exploiting a zero-day vulnerability, discovered and reported to Apple by security engineer Cedric Owens.

Facebook Messenger users targeted by a large-scale scamA large-scale scam campaign targeting Facebook Messenger users all over the world has been detected by Group-IB. Hackers found leveraging three SonicWall zero-day vulnerabilitiesAttackers that seem to have "Intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution. Improper cloud IAM leaving organizations at riskThere is an industry-wide cloud permissions gap crisis, leaving countless organizations at risk due to improper identity and access management, a CloudKnox Security report reveals.

Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. PoC dropped on Twitter, zero-day fixed one week later.

A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted.

Attackers that seem to have "Intimate knowledge" of the SonicWall Email Security product have been discovered leveraging three zero-day vulnerabilities in the popular enterprise solution. Exploited in conjunction, the flaws allowed the attacker to obtain administrative access and code execution on a SonicWall ES device, then install a backdoor, access files and emails, and move laterally into the victim organization's network.

SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild. "The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files, and emails, and move laterally into the victim organization's network."