メディアルーム

The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape.

Satnam Narang, senior staff research engineer at Tenable, told TechTarget Editorial that Apple is known for providing limited technical details in their advisories. However, he highlighted one aspect of Apple's advisory.

"The one interesting aspect about these two zero days is that the advisories called out exploitation specifically for Intel-based Mac systems, which are now considered legacy products for Apple. Apple switched over to their own Apple silicon in late 2020," Narang said. "Typically, zero-day exploitation of vulnerabilities is part of limited, targeted attacks. When you add that these were attributed to researchers at Google's Threat Analysis Group, which are often tasked with investigating targeted attacks, it supports that hypothesis. Until Googles Threat Analysis Group publishes their own research into the attacks, we won’t know more than what's in the advisories."

While zero-day exploitation surged throughout 2023, CISA said threat actors continue to exploit known vulnerabilities that were disclosed and patched as far back as 2017.

Satnam Narang, senior staff research engineer at Tenable, told TechTarget Editorial that the inclusion of vulnerabilities in VPNs and internet-exposed services was a common thread among many of the flaws highlighted in the advisory. Narang added that there's a strong correlation between internet-facing systems that utilize software containing known vulnerabilities and the likelihood of exploitation.

Narang also said CVE-2017-6742 exploitation has been connected to the Russian state-sponsored advanced persistent threat group known as Fancy Bear. The group exploited another vulnerability, tracked as CVE-2023-23397, on CISA's advisory to target Microsoft Exchange accounts.

Russia's premiere advanced persistent threat group–APT29–has been phishing thousands of targets in militaries, public authorities, and enterprises.

"APT29 embodies the 'persistent' part of 'advanced persistent threat,'" says Satnam Narang, senior staff research engineer at Tenable. "It has persistently targeted organizations in the United States and Europe for years, utilizing various techniques, including spear-phishing and exploitation of vulnerabilities to gain initial access and elevate privileges. Its modus operandi is the collection of foreign intelligence, as well as maintaining persistence in compromised organizations in order to conduct future operations."

That APT29 would go after sensitive credentials from geopolitically prominent and diverse organizations is no surprise, Narang notes, though he adds that "the one thing that does kind of stray from the path would be its broad targeting, versus [its typical more] narrowly focused attacks."

Tenable has shared details on a dependency confusion attack method that could have exposed Google Cloud Platform (GCP) customers to remote code execution (RCE) attacks.

In this episode of the IoT Insider podcast, Bernard Montel provides a brief history of the evolution of the Cloud and the challenges of securing it.

Tenable's Scott McKinnel discusses how preventive cybersecurity can reduce insurance premiums.