GreenPages Blog


New Mac Mystery Malware “Silver Sparrow” & New VMware (RCE) in vCenter!

Posted by: Randy Becker

By Randy Becker, CISO & VP, Network and Security Consulting

There is a new form of malware (dubbed “Silver Sparrow” by Red Canary) that seems to be affecting Macs running Intel processors and Apple’s own M1 processors. It does not appear as though the malware has done anything nefarious, but as the saying goes, where there’s smoke there is often fire.

VMware has announced a Remote Code Execution (RCE) vulnerability in vCenter, CVE-2021-21972, with a CVSSv3 base score of 9.8. This one looks ripe for exploitation as it is an RCE **AND** a 9.8. In addition to this, two others were found, all in the CVSSv3 range of 5.3-9.8.


Last week the security researchers at Red Canary posted information on “Silver Sparrow,” a new form of malware that seems to be affecting Macs running Intel processors and Apple’s own M1 processors. The malware targets LaunchAgent, a root-level folder in macOS that contains scripts to automatically manage system processes such as backups with Apple’s Time Machine.

Ironically, the LaunchAgent folders were introduced to help prevent malware attacks. Now we know that these folders are being targeted in this mysterious malware attack. It does not appear as though the malware has done anything nefarious, but as the saying goes, where there’s smoke there is often fire. Read Red Canary’s entire post for detailed background information and remediation recommendations.
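While waiting on vendor detections, defenders can review what is registered in the LaunchAgent folders themselves. The script below is an added example, not code from Red Canary or GreenPages; its two heuristics and the sample definitions are illustrative assumptions, not Silver Sparrow indicators.

```python
import plistlib
from pathlib import Path

# Standard per-user and system-wide LaunchAgent locations on macOS.
AGENT_DIRS = [Path.home() / "Library/LaunchAgents", Path("/Library/LaunchAgents")]
SHELLS = {"sh", "bash", "zsh"}

def review_agent(plist_bytes):
    """Return the reasons (possibly none) a LaunchAgent definition needs a closer look."""
    try:
        job = plistlib.loads(plist_bytes)  # handles XML and binary plists
    except Exception:
        return ["unparseable plist"]
    if not isinstance(job, dict):
        return ["top-level object is not a dictionary"]
    # Program (if set) is the executable; ProgramArguments is argv, whose
    # first element is used as the executable when Program is absent.
    args = ([job["Program"]] if "Program" in job else []) + list(job.get("ProgramArguments") or [])
    args = [str(a) for a in args]
    if not args:
        return ["no Program or ProgramArguments"]
    reasons = []
    # Heuristic (assumption): an inline shell command hides what actually runs.
    if Path(args[0]).name in SHELLS and "-c" in args[1:]:
        reasons.append("runs an inline shell command")
    # Heuristic (assumption): persistent jobs should not execute from temp directories.
    if any("/tmp/" in a for a in args):
        reasons.append("references a temp directory")
    return reasons

def audit(dirs=AGENT_DIRS):
    """Map each flagged .plist path to its list of reasons."""
    findings = {}
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for p in sorted(d.glob("*.plist")):
            reasons = review_agent(p.read_bytes())
            if reasons:
                findings[str(p)] = reasons
    return findings

# Constructed sample definitions (not taken from any real malware).
BENIGN = plistlib.dumps({"Label": "com.example.backup", "RunAtLoad": True,
                         "ProgramArguments": ["/usr/local/bin/backup-tool", "--daily"]})
ODD = plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
                      "ProgramArguments": ["/bin/sh", "-c", "/tmp/example-helper --run"]})

if __name__ == "__main__":
    for path, reasons in audit().items():
        print(f"{path}: {'; '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict; legitimate software also installs agents that wrap shell commands.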

In VMware news, Tuesday was a big day on the vulnerability and RCE front. VMware announced a Remote Code Execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform (CVE-2021-21972) with a CVSSv3 base score of 9.8 out of 10 according to VMware's security advisory. This one looks ripe for exploitation as it is an RCE **AND** a 9.8.

In addition to this, two other vulnerabilities were found, CVE-2021-21973 and CVE-2021-21974, across ESXi, vCenter Server, and Cloud Foundation. The three vulnerabilities have CVSSv3 scores ranging from 5.3 to 9.8. Remote attackers could exploit some of these vulnerabilities to take control of an affected system. To address these, VMware has released security updates for them all.

If you have any questions or need help with these vulnerabilities or any initiative related to securing your business, please reach out to your GreenPages Account Executive or reach out to us!




Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation.

 
