A weekly recap of pertinent security events you need to be aware of and can read in 7 seconds (or so...)
Do this: Apply the latest MacOS updates.
Why: Security engineer, Cedric Owens, identified an avenue to bypass Apple's Gatekeeper functionality which is used to prevent untrusted, malicious applications from running on MacOS.
Additional Info: https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html
Using Pulse Secure VPN?
Do this: Implement the Pulse Secure workaround dubbed, “Workaround-2104.xml,” available on Pulse's advisory page. It disables the Windows File Share Browser and Pulse Secure Collaboration features on the appliance.
Additionally, organizations can also use the blacklisting feature to disable URL-based attacks by blocking the following URIs:
Why: "CVE-2021-22893 allows remote code-execution (RCE) and is being used to gain administrator-level access to the appliances, according to Ivanti research. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti (its parent company) to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted."
Additional Info: https://threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/
Pulse Connect Security Integrity Tool: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755
About the Author
Ryan Bradbury, CISSP, OSCP
Principal Consultant & Cofounder
As a founding partner and principal consultant at SEVN-X, Ryan employs his training, experience, and expertise in helping organizations assess and protect their information security assets as well as respond to cybersecurity events. Ryan’s skillset has been forged from an extensive amount of field work—across various verticals—serving in both strategic and tactical security roles. SEVN-X requires all of its team members to be experts in information security and that starts from the top down.