Using Pulse Secure VPN?
Do this: Implement the Pulse Secure workaround dubbed, “Workaround-2104.xml,” available on Pulse's advisory page. It disables the Windows File Share Browser and Pulse Secure Collaboration features on the appliance.
Additionally, organizations can also use the blacklisting feature to disable URL-based attacks by blocking the following URIs:
Why: "CVE-2021-22893 allows remote code-execution (RCE) and is being used to gain administrator-level access to the appliances, according to Ivanti research. Pulse Secure said that the zero-day will be patched in early May; but in the meantime, the company worked with Ivanti (its parent company) to release both mitigations and the Pulse Connect Secure Integrity Tool, to help determine if systems have been impacted."
Additional Info: https://threatpost.com/pulse-secure-critical-zero-day-active-exploit/165523/
Pulse Connect Security Integrity Tool: https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44755
Do this: Apply the latest MacOS updates.
Why: Security engineer, Cedric Owens, identified an avenue to bypass Apple's Gatekeeper functionality which is used to prevent untrusted, malicious applications from running on MacOS.
Additional Info: https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html
Send Us Your Comments
What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.