Analyzing a watering hole campaign using macOS exploits

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in the wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political group. The watering hole served an XNU privilege escalation vulnerability (CVE-2021-30869) unpatched in macOS Catalina, which led to the installation of a previously unreported backdoor.

As is our policy, we quickly reported this 0-day to the vendor (Apple) and a patch was released to protect users from these attacks.

Based on our findings, we believe this threat actor to be a well-resourced group, likely state-backed, with access to their own software engineering team based on the quality of the payload code.

In this blog we analyze the technical details of the exploit chain and share IOCs to help teams defend against similar-style attacks.


Copyright © 2021 Today's Digital.