New details of the attack on SolarWinds
CrowdStrike has announced the discovery of another piece of malware used in the SolarWinds attack. Sunspot, as the researchers named it, was used to inject the malicious code of the Sunburst backdoor into the SolarWinds Orion platform. Earlier, Kaspersky Lab found similarities between the Sunburst backdoor and the Kazuar malware, which has often been used by the Turla APT group.
Attackers exploited 0-day vulnerabilities in an attack chain targeting Windows and Android
The Google Project Zero team has published a detailed analysis of sophisticated vulnerabilities that attackers exploited in the wild against Windows and Android users. The write-up consists of six parts, each describing a specific stage of the attack. The attackers set up separate servers to deliver the malicious payload for each OS, and for the initial infection they used a watering-hole site hosting a 0-day exploit for Google Chrome.
macOS Big Sur 11.2 removes the ability of native applications to bypass network filters
After negative feedback from users, Apple removed from the OS the allow-list of applications that were permitted to bypass network filtering policies. Because of that list, application firewalls such as LuLu and Little Snitch, which rely on the Network Extension Framework (the replacement for Network Kernel Extensions in the latest version of macOS), could not see the traffic of 50 applications, including the App Store. According to security researchers, this gave attackers a new vector for bypassing the OS's protections.