At Camel Secure we want you to be informed about cybersecurity news that could affect your business. That is why we present this summary of the most important news of the week:
SILVER SPARROW MALWARE INFECTS THOUSANDS OF MACS
Around 30,000 Apple Macs in 153 countries were infected by a previously undetected variant of malware. The malware, Silver Sparrow, has puzzled researchers because, according to a report by Red Canary researchers, they have not yet seen it deliver malicious payloads to compromised endpoints.
The malware did not behave like traditional adware targeting Mac operating systems, say the researchers. The most notable aspect is the way the downloader uses JavaScript for execution, which led to the conclusion that it was a new type of malware not previously detected.
In their blog, the specialists who discovered the so-called Silver Sparrow indicated that "although we have not observed that Silver Sparrow delivers additional malicious payloads, its compatibility with the forward-thinking M1 chip, its global reach, its similar high version rate and its operational maturity suggest that Silver Sparrow is a reasonably serious threat, uniquely positioned to deliver a potentially impactful payload at any time."
Two versions of the malware have been detected: one contains a Mach-O binary compiled to target the Intel x86-64 architecture; the other adds a Mach-O binary compiled for the ARM64 architecture of the M1.
VMWARE PATCHES CRITICAL RCE FLAW FOUND IN VCENTER SERVER
VMware recently patched a vulnerability that could allow attackers to breach the external perimeter of a data center or take advantage of already installed back doors to take over a critical system.
The vulnerability was discovered by researcher Mikhail Klyuchnikov of Positive Technologies. It is tracked as CVE-2021-21972 and has a CVSS v3 score of 9.8; it lies in a vCenter Server plug-in for vROps in the vSphere Client functionality, as reported by VMware.
The company noted that "A malicious actor with network access to port 443 can exploit this issue to execute commands with unrestricted privileges on the underlying operating system hosting vCenter Server."
VMware advised its customers to apply the updates provided for affected deployments to remediate the threat. The company also provided workarounds for those who cannot update their systems right away.
CHINESE HACKERS CLONED NSA EXPLOIT TOOL
It was recently reported that the APT31 group, also known as Zirconium, used a tool called Jian, which is a replica of EpMe, a hacking tool used by the US National Security Agency, NSA.
A Check Point team concluded that Jian was a clone of software developed by the NSA's Equation Group, identified by FireEye in 2015 and later described as one of the most sophisticated cyber attack groups in the world.
Experts noted that the Jian tool was being actively used between 2014 and 2017.
At Camel Secure, we manage the cyber risk of your business