New vulnerability in macOS Finder allows an attacker to remotely execute commands

A researcher has found a vulnerability in the macOS Finder that allows an attacker to run commands on Macs running any version of macOS (up to and including the latest Big Sur release). There is no patch for the problem yet. The vulnerability was discovered by independent information security expert Park Minchan and is related to the way macOS handles .inetloc files (Internet location files). .inetloc files are system-wide bookmarks that can be used to open various network resources (news://, ftp://, afp://) as well as local files (file://). Such files can also force the OS to run any commands...
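A defender's first question is which .inetloc files on a host point at local targets rather than the network resources the format is meant for. The scanner below is an added example for this page, not code from Park Minchan's report; it assumes an .inetloc file is an XML property list whose top-level "URL" key holds the bookmark target, and it constructs its own sample files (the hostname and local path are hypothetical) so it runs offline.

```python
"""Hunt for .inetloc bookmarks that point at local file:// targets.

Added example for this page; it is not code from the original report. It
assumes that an .inetloc file is an XML property list whose top-level "URL"
key holds the bookmark target, and it constructs its own sample files so it
runs offline.
"""
import os
import plistlib
import tempfile
from urllib.parse import urlsplit

# Schemes the article names as the normal, network use of these bookmarks.
NETWORK_SCHEMES = {"news", "ftp", "afp", "http", "https"}


def inetloc_url(path):
    """Return the URL stored in an .inetloc plist, or None if there is none."""
    with open(path, "rb") as fh:
        data = plistlib.load(fh)
    url = data.get("URL") if isinstance(data, dict) else None
    return url if isinstance(url, str) else None


def classify(url):
    """'local' for file:// targets, 'network' for the known remote schemes,
    'unknown' otherwise. The scheme is compared case-insensitively so that
    FiLe:// and file:// are treated the same."""
    scheme = urlsplit(url).scheme.lower()
    if scheme == "file":
        return "local"
    if scheme in NETWORK_SCHEMES:
        return "network"
    return "unknown"


def scan(root):
    """Walk root; return {path: (url, verdict)} for every .inetloc file found."""
    findings = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".inetloc"):
                continue
            path = os.path.join(dirpath, name)
            try:
                url = inetloc_url(path)
            except Exception:  # not a parseable plist (binary junk, bad XML)
                findings[path] = (None, "unparseable")
                continue
            findings[path] = (url, classify(url) if url else "no-url")
    return findings


def make_samples():
    """Constructed sample data (not real artefacts): one ordinary network
    bookmark and one that targets a local path. Returns (root, {label: path})."""
    root = tempfile.mkdtemp(prefix="inetloc-")
    samples = {
        "news": "news://news.example.org/comp.security",  # hypothetical host
        "local": "file:///Applications/Calculator.app",    # local target
    }
    paths = {}
    for label, url in samples.items():
        path = os.path.join(root, f"{label}.inetloc")
        with open(path, "wb") as fh:
            plistlib.dump({"URL": url}, fh)
        paths[label] = path
    return root, paths


if __name__ == "__main__":
    root, _ = make_samples()
    for path, (url, verdict) in sorted(scan(root).items()):
        print(f"{verdict:9} {path} -> {url}")
```

Point `scan()` at Mail download and Downloads directories on a real host; any "local" verdict is worth a look, and "unparseable" hits are worth a look too, since the format is simple enough that a malformed file is itself unusual.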

On the day of the iOS 15 release, an expert showed how to bypass the lock screen

Apple released iOS 15 this week, and on the same day security expert Jose Rodriguez demonstrated how to bypass the lock screen on an iPhone, which can be used to access a user's notes. The researcher admits that it was no coincidence that he disclosed the bug on this particular day. In this way, Rodriguez took revenge on Apple for downplaying similar lock screen bypass problems he had reported earlier in 2021. These are the vulnerabilities CVE-2021-1835 and CVE-2021-30699, which Apple fixed in April and May of this year. The two vulnerabilities allowed attackers to gain...

Italian mafia was involved in cybercrimes, BEC scam and SIM swapping

This week, Europol and Eurojust reported that the Italian mafia was involved in cybercrime and that law enforcement officers managed to dismantle a network associated with it. The police operation led to the arrests of 106 people on the island of Tenerife in Spain, as well as in Turin and Isernia in Italy, who are accused of various cybercrimes and money laundering. Law enforcement officers write that the group was mainly engaged in cybercrime: SIM-card swapping, as well as phishing and vishing, trying to penetrate company networks, steal funds or trick employees into sending payments...

Microsoft urged administrators to fix OMIGOD vulnerabilities on their own

Earlier this week, we wrote that Microsoft patched four critical vulnerabilities collectively known as OMIGOD. The issues were found in Open Management Infrastructure (OMI), which is silently and automatically installed on Azure Linux VMs (more than half of all Azure instances). OMI is installed and enabled when any of the following tools and services are activated: Azure Automation, Azure Automatic Update, Azure Operations Management Suite (OMS), Azure Log Analytics, Azure Configuration Management, and Azure Diagnostics. OMIGOD consists of the following vulnerabilities: CVE-2021-38647 — unauthenticated RCE as root...

Microsoft patches OMIGOD vulnerabilities on Azure Linux VMs

Microsoft has patched four critical vulnerabilities collectively known as OMIGOD. The issues were found in Open Management Infrastructure (OMI), which is silently and automatically installed on Azure Linux VMs (more than half of all Azure instances). The issues were fixed in OMI version 1.6.8.1, but the application has no automatic update mechanism, so most Azure Linux VMs will remain vulnerable until the update is installed manually. Open Management Infrastructure is the Linux equivalent of Microsoft Windows Management Infrastructure (WMI), a service that collects data from on-premises environments...
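Because OMI does not update itself, the practical follow-up to both OMIGOD items above is an inventory check: is OMI present, is the build at least 1.6.8.1, and is it listening on the network, which is what turns an old build into the remotely reachable case. The script below is an added example, not Microsoft's or the OMI project's tooling. It assumes the OMI server binary is at /opt/omi/bin/omiserver, that `omiserver -v` prints a line such as "/opt/omi/bin/omiserver: 1.6.8-1" (the dash-separated build suffix is treated as the fourth version component), and that 5985, 5986 and 1270 are the ports OMI's remote management listener uses, as named in the public OMIGOD write-ups; the `ss -ltn` sample used for the offline check is constructed.

```python
"""Assess an Azure Linux VM's OMI install against the OMIGOD fix (1.6.8.1).

Added example, not Microsoft's tooling. Assumptions: the OMI server binary
lives at /opt/omi/bin/omiserver, `omiserver -v` prints a version such as
"/opt/omi/bin/omiserver: 1.6.8-1", and OMI's remote listener uses ports
5985/5986/1270. Nothing here exploits anything; it only reads versions and
listening sockets.
"""
import re
import subprocess

FIXED_VERSION = (1, 6, 8, 1)
OMISERVER = "/opt/omi/bin/omiserver"
# Assumed OMI remote-management ports (from the public OMIGOD write-ups).
OMI_PORTS = (5985, 5986, 1270)

# Constructed `ss -ltn` output for the offline demonstration below.
SAMPLE_SS = (
    "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
    "LISTEN 0      128    0.0.0.0:22         0.0.0.0:*\n"
    "LISTEN 0      128    0.0.0.0:5986       0.0.0.0:*\n"
    "LISTEN 0      128    [::]:22            [::]:*\n"
)


def parse_version(text):
    """Extract a 4-tuple version from text like '1.6.8-1' or '1.6.8.1'.
    A missing fourth component is treated as 0. Returns None if no version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:[.-](\d+))?", text)
    if not m:
        return None
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def is_fixed(version):
    """True when the installed build is at or above the OMIGOD fix."""
    return version is not None and version >= FIXED_VERSION


def installed_version():
    """Ask the local omiserver for its version; None if OMI is not installed."""
    try:
        proc = subprocess.run([OMISERVER, "-v"], capture_output=True,
                              text=True, timeout=10)
    except (FileNotFoundError, PermissionError, subprocess.TimeoutExpired):
        return None
    return parse_version(proc.stdout + proc.stderr)


def ports_from_ss(ss_output):
    """Return the subset of OMI_PORTS that appear as listening local ports
    in `ss -ltn` output. The trailing whitespace match keeps 1270 from
    matching 12700."""
    found = set()
    for line in ss_output.splitlines():
        for port in OMI_PORTS:
            if re.search(rf":{port}\s", line):
                found.add(port)
    return found


def listening_omi_ports():
    """Run `ss -ltn` on this host and parse it; empty set if ss is absent."""
    try:
        out = subprocess.run(["ss", "-ltn"], capture_output=True,
                             text=True, timeout=10).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return set()
    return ports_from_ss(out)


def assess(version, open_ports):
    """Combine version and exposure into one verdict string."""
    if version is None:
        return "omi-not-installed"
    if is_fixed(version):
        return "patched"
    return "vulnerable-remote" if open_ports else "vulnerable-local"


if __name__ == "__main__":
    # Offline demonstration on constructed data: an old build plus a listener.
    print("sample:", assess(parse_version("omiserver: 1.6.4-1"),
                            ports_from_ss(SAMPLE_SS)))
    # Live check of this host (reports omi-not-installed where OMI is absent).
    print("host:  ", assess(installed_version(), listening_omi_ports()))
```

A "vulnerable-local" verdict still needs the package upgraded, since the remaining OMIGOD CVEs are local privilege escalations; "vulnerable-remote" is the case to fix first, and until the package is updated the listener ports should be blocked at the network security group.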

Microsoft fixes MSHTML vulnerability and residual PrintNightmare issues

The first “Patch Tuesday” of this fall brought fixes for more than 80 issues in Microsoft products, including the MSHTML vulnerability and residual PrintNightmare bugs. In total, 66 vulnerabilities were patched in various products, including Azure, Office, SharePoint Server, Windows, Windows DNS and Windows Subsystem for Linux, plus another 20 Chromium bugs in Microsoft Edge. Only three issues this month have been rated critical. One of them, CVE-2021-40444, is the already known 0-day in Microsoft MSHTML (aka Trident), the proprietary Internet Explorer browser...

HP OMEN device bug allowed privilege escalation

Millions of HP OMEN computers were vulnerable to a bug that allowed attackers to cause a denial of service, escalate privileges, and disable security products. The issue affected HP OMEN Gaming Hub prior to version 11.6.3.0 and HP OMEN Gaming Hub SDK prior to version 1.0.44. HP OMEN Gaming Hub, formerly known as HP OMEN Command Center, is a software product preinstalled on HP OMEN desktops and notebooks. It can be used to control and optimize settings such as the device's GPU, fan speed, CPU overclocking, memory, and more. The same software is used to set and customize lighting and...

Coin-mining trojans are being injected through the Confluence vulnerability

At the end of August 2021, companies using Confluence (a collaboration tool for employees) suffered a massive attack. Although the attack came in through the Confluence application alone, entire corporate networks fell like a colossus with feet of clay. But the exact cause and the targets of these attacks were published only 20 days later, together with another high-profile attack on the MidnightBSD developer group. What happened? Has Atlassian responded? The majority of the victims who reported the incident used an...