• Ivanti Releases Security Updates for EPMM to address CVE-2023-35081
• Macs under attacks from password-stealing malware — how to stay safe
• Apple Releases Security Updates for Multiple Products
• CISA Releases Malware Analysis Reports on Barracuda Backdoors
Ivanti has identified and released patches for a directory traversal vulnerability (CVE-2023-35081, CWE-22) in Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core. This vulnerability affects supported EPMM versions 11.10, 11.9, and 11.8. Older, unsupported versions are also affected.
This vulnerability allows an attacker with EPMM administrator privileges to write arbitrary files with the operating system privileges of the EPMM web application server. To gain EPMM administrator privileges, the attacker could exploit CVE-2023-35078 on an unpatched system.
Ivanti Endpoint Manager Mobile (EPMM) through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, and to execute an uploaded file, for example, a web shell.
CISA urges users and organizations to patch both CVE-2023-35081 and CVE-2023-35078. Patches for CVE-2023-35081 also include patches for CVE-2023-35078.
Ivanti Releases Security Updates for EPMM to address CVE-2023-35081:
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078:
CVE-2023-35081 – Remote Arbitrary File Write:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’):
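CVE-2023-35081 is classed as CWE-22, a path traversal: a file name supplied by the client is joined onto a server-side directory without checking where the joined path actually ends up. The following is an added illustration of the general defensive check for that weakness class; it is not Ivanti's code and says nothing about how EPMM handles paths internally. The upload root, the file names and the symlink used in the demo are all constructed for the example.

```python
"""Defensive handling of client-supplied file names (CWE-22 mitigation).

Added illustration, not Ivanti/EPMM code. It shows the general check that
stops a name such as '../../etc/cron.d/job' from escaping an upload root.
Every directory and file name used here is constructed for the demo.
"""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would land outside the allowed root."""


def resolve_under(base_dir: str, user_path: str) -> Path:
    """Return the absolute on-disk path for user_path inside base_dir, or raise.

    Both sides are fully resolved (symlinks followed, '..' collapsed) before
    the containment check, so neither dot-dot segments nor a symlink planted
    inside the root can redirect a write somewhere else.
    """
    base = Path(base_dir).resolve()
    # Empty names and absolute client paths are never legitimate for an upload.
    if not user_path or os.path.isabs(user_path):
        raise PathTraversalError(f"rejected: {user_path!r}")
    # resolve() with the default strict=False also works for files that do not
    # exist yet, which is the case for every new upload.
    candidate = (base / user_path).resolve()
    try:
        rel = candidate.relative_to(base)
    except ValueError:
        raise PathTraversalError(f"escapes {base}: {user_path!r}") from None
    if rel == Path("."):
        raise PathTraversalError("refusing to write over the root directory itself")
    return candidate


def is_safe(base_dir: str, user_path: str) -> bool:
    """Boolean form of the check, convenient for logging or request filtering."""
    try:
        resolve_under(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


def demo() -> dict:
    """Run the check over constructed inputs, including a symlink escape.

    Returns {input: True} for every case where the verdict matched expectation.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"
        outside = Path(tmp) / "outside"
        root.mkdir()
        outside.mkdir()
        cases = {
            "reports/2023.pdf": True,     # ordinary upload
            "a/../b.txt": True,           # '..' that stays inside the root
            "a/../../b.txt": False,       # '..' that climbs out of the root
            "../../etc/passwd": False,    # classic traversal
            "/etc/passwd": False,         # absolute path
            "": False,                    # empty name
        }
        try:
            # Constructed symlink inside the root that points outside it.
            (root / "link").symlink_to(outside, target_is_directory=True)
            cases["link/secret.txt"] = False
        except OSError:
            pass  # platform without symlink support: skip that case
        return {p: is_safe(str(root), p) == want for p, want in cases.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{'ok ' if ok else 'BAD'} {name!r}")
```

The important design point is that the check runs on the resolved path, not on the raw string: filtering for the literal substring `..` misses encoded or symlink-based variants, while comparing the canonical result against the canonical root catches all of them with one rule.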
Tom’s Guide has released an article addressing a new Mac malware issue and how to remediate it.
Hackers have launched a massive campaign that uses new Mac malware named “Realst” to target vulnerable Apple computers.
Although there are 16 different variants of the Realst malware, they all target popular browsers like Firefox, Chrome, Opera, Brave and Vivaldi, as well as the Telegram app. The Realst malware is able to steal passwords, cookies and other sensitive data stored in a user’s browser, but it also goes after any passwords saved in Apple Keychain, which is the iPhone maker’s own password manager.
For now, avoid downloading sketchy games online. However, once other cybercriminals begin deploying Realst in their attacks, this could change.
For this reason, you want to be extremely careful when downloading new programs for your Mac. You’re better off installing new programs from Apple’s App Store instead of downloading and installing them manually from wherever you happen to find them.
Macs under attack from password-stealing malware — how to stay safe
Apple has released security updates to address vulnerabilities in multiple products.
CISA encourages users and administrators to review the following advisories and apply the necessary updates.
- iOS 16.6 and iPadOS 16.6
- iOS 15.7.8 and iPadOS 15.7.8
- macOS Ventura 13.5
- macOS Monterey 12.6.8
- macOS Big Sur 11.7.9
- Safari 16.6
- tvOS 16.6
- watchOS 9.6
Apple devices running out-of-date OS versions are potential targets for malicious actors.
An attacker could exploit some of these vulnerabilities to take control of an affected device.
Please update your devices to prevent malicious actors from taking control.
Apple Releases Security Updates for Multiple Products:
CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions 5.1.3.001 through 9.2.0.006.
The vulnerability was exploited as a zero day as early as October 2022 to gain access to ESG appliances.
According to industry reporting, the actors exploited the vulnerability to gain initial access to victim systems and then implanted backdoors to establish and maintain persistence.
Use the Malware Analysis Reports in Additional Resources to find indicators of compromise and YARA detection rules for the exploit payload and for the SEASPY and SUBMARINE backdoors. Remove any malicious activity you find.
CISA Releases Malware Analysis Reports on Barracuda Backdoors:
MAR-10454006-r3.v1 Exploit Payload Backdoor:
MAR-10454006-r2.v1 SEASPY Backdoor:
MAR-10454006-r1.v2 SUBMARINE Backdoor: