Security News
Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices. "Apple is aware of a report that this issue may have been actively exploited," the company said in multiple security advisories published today.
Embattled VPN technology vendor Pulse Secure on Monday updated an "Out-of-cycle" advisory with patches for four major security vulnerabilities, including belated cover for an issue that's already been exploited by advanced threat actors. When Pulse Secure released its initial advisory for the bug on April 20, FireEye reported seeing this and three other Pulse Secure VPN appliance vulnerabilities being exploited as an initial access vector by at least two sophisticated threat actors.
Pulse Secure has fixed a zero-day vulnerability in the Pulse Connect Secure SSL VPN appliance that is being actively exploited to compromise the internal networks of defense firms and govt agencies. A day later, US Cybersecurity and Infrastructure Security Agency issued an emergency directive ordering federal agencies to mitigate the vulnerability within two days by disabling the Windows File Share Browser and Pulse Secure Collaboration features.
An "Aggressive" financially motivated threat group tapped into a zero-day flaw in SonicWall VPN appliances prior to it being patched by the company to deploy a new strain of ransomware called FIVEHANDS. The group, tracked by cybersecurity firm Mandiant as UNC2447, took advantage of an "Improper SQL command neutralization" flaw in the SSL-VPN SMA100 product that allows an unauthenticated attacker to achieve remote code execution. "UNC2447 monetizes intrusions by extorting their victims first with FIVEHANDS ransomware followed by aggressively applying pressure through threats of media attention and offering victim data for sale on hacker forums," Mandiant researchers said.
A zero-day vulnerability addressed by SonicWall in its Secure Mobile Access appliances earlier this year was exploited by a sophisticated and aggressive cybercrime group before the vendor released a patch, FireEye's Mandiant unit reported on Thursday. Over the past half a year, a new cybercrime group has been observed using a broad range of malware and employing aggressive tactics to pressure ransomware victims into making payments.
A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. The group, tracked by Mandiant threat analysts as UNC2447, exploited the CVE-2021-20016 SonicWall vulnerability to breach networks and deploy FiveHands ransomware payloads before patches were released in late February 2021.
The latest update to Apple's Big Sur includes critical security patches, which is why Cory Bohon advises upgrading your macOS devices now. Apple released macOS 11.3 on April 26, 2021 to the public.
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracked as CVE-2021-30657 and patched in macOS 11.3, an update dropped by Apple on Monday.
Apple has patched a critical macOS zero-day that has been exploited by Shlayer malware for months and has finally introduced/enabled the App Tracking Transparency feature and policy in iOS, iPadOS and tvOS. A zero-day exploited by malware peddlers. Discovered by security researcher Cedric Owens and privately reported to Apple in March 2021, CVE-2021-30657 is a logic issue that allowed attackers to craft a macOS payload that is not checked by Gatekeeper, the macOS's security feature that verifies downloaded applications before allowing them to run, and bypasses File Quarantine and Application Notarization protections as well.
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. The Jamf Protect detection team discovered that starting January 2021, the Shlayer threat actors created unsigned and unnotarized Shlayer samples have begun exploiting a zero-day vulnerability, discovered and reported to Apple by security engineer Cedric Owens.