GreenPages Blog


New Mac Mystery Malware “Silver Sparrow” & New VMware (RCE) in vCenter!

By Randy Becker, CISO & VP, Network and Security Consulting

There is a new form of malware (dubbed “Silver Sparrow” by Red Canary) that seems to be affecting Macs running Intel processors and Apple’s own M1 processors. It does not appear as though the malware has done anything nefarious, but as the saying goes, where there’s smoke there is often fire.

VMware has announced a Remote Code Execution (RCE) vulnerability in vCenter, CVE-2021-21972, with a CVSSv3 base score of 9.8. This one looks ripe for exploitation as it is an RCE **AND** a 9.8. In addition to this, two others were found, all in the CVSSv3 range of 5.3-9.8.


Last week the security researchers at Red Canary posted information on “Silver Sparrow”—a new form of malware that seems to be affecting Macs running Intel processors and Apple’s own M1 processors. The malware targets LaunchAgent—a root-level folder in macOS that contains scripts to automatically manage system processes such as backups with Apple’s Time Machine.

Ironically, the LaunchAgent folders were introduced to help prevent malware attacks. Now we know that these folders are being targeted in this mysterious malware attack. It does not appear as though the malware has done anything nefarious, but as the saying goes, where there’s smoke there is often fire. Read Red Canary’s entire post for detailed background information and remediation recommendations.

In VMware news, Tuesday was a big day on the vulnerability and RCE front. VMware announced a Remote Code Execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform (CVE-2021-21972) with a CVSSv3 base score of 9.8 out of 10 according to VMware's security advisory. This one looks ripe for exploitation as it is an RCE **AND** a 9.8.

In addition to this, two more vulnerabilities were found, CVE-2021-21973 and CVE-2021-21974, across ESXi, vCenter Server, and Cloud Foundation. The CVSSv3 scores of the three vulnerabilities range from 5.3 to 9.8. Remote attackers could exploit some of these vulnerabilities to take control of an affected system. To address these, VMware has released security updates for them all.

If you have any questions or need help with these vulnerabilities or any initiative related to securing your business, please reach out to your GreenPages Account Executive or contact us!




Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation.

 
