macOS Sequoia change breaks networking for VPN, antivirus software
Information
macOS Sequoia is the name of the latest operating system for Mac computers developed by Apple. Sequoia is aimed at Mac users, especially those who want to connect their iPhone and Mac more easily, and it adds features intended to make using a Mac smoother and more efficient.
Incident
Users of macOS 15 Sequoia are reporting network connection issues when using Endpoint Detection and Response (EDR) solutions or Virtual Private Networks (VPN), as well as web browsers.
Affected users on Reddit have described issues with CrowdStrike Falcon and ESET Endpoint Security, as well as firewalls causing packet corruption, leading to SSL failures in web browsers or preventing the use of wget and curl.
Although Apple describes it as the latest and most advanced desktop operating system in the world, an internal announcement seen by BleepingComputer indicates that CrowdStrike is advising customers not to upgrade to macOS 15 because of changes to the internal network architecture in macOS 15 Sequoia. Customers should hold off upgrading until a Mac sensor that fully supports macOS 15 Sequoia is released.
Recommendation
ESET has issued guidance for those experiencing connection issues after upgrading to macOS Sequoia, recommending that users go to System Settings > Network > Filters and remove ESET Network from the list.
The security provider also stated that this method is applicable for Endpoint Security version 8.1.6.0 and above, as well as ESET Cyber Security version 7.5.74.0, since earlier versions are not supported on macOS 15.
Disabling Falcon Firewall and Network Event Support
If you have upgraded to macOS 15 Sequoia and encounter a networking issue, Falcon Networking can be disabled.
To disable Falcon Networking, run the following command from Terminal:
sudo /Applications/Falcon.app/Contents/Resources/falconctl disable-filter
To re-enable Falcon Networking, run the following command from Terminal:
sudo /Applications/Falcon.app/Contents/Resources/falconctl enable-filter
Security systems remain the priority: keep monitoring them as usual, even while a network filter is disabled as a workaround.
For more information please contact
Email: sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)
061 387 9439 (Ms. Sirilak)
092 257 6902 (Ms. Narusorn)
References
- https://www.reddit.com/r/MacOS/comments/1fihlge/macos_15_sequoia_bugs_and_issues_megathread/
- https://www.crowdstrike.com/en-us/
Weekly Interesting CVE
| No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Reference |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2017-1238 | 6/7/2018 | 17/9/2024 | IBM Quality Manager (RQM) 5.0.x and 6.0 to 6.0.5 | Cross-site scripting | 5.4 | This vulnerability allows users to embed arbitrary JavaScript code in the web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. | Update IBM Quality Manager (RQM) to 5.0.2 iFix26 or 6.0.2 iFix017 or later. | https://nvd.nist.gov/vuln/detail/CVE-2017-1238 |
| 2 | CVE-2024-8775 | 14/9/2024 | 17/9/2024 | Redhat | Data Exposure | 5.5 | A vulnerability discovered in Ansible involves the disclosure of sensitive information stored in Ansible Vault files during playbook execution. It occurs when tasks such as include_vars are used to load Vault-encrypted variables without setting no_log: true, which could allow sensitive information to be printed in playbook output or logs, potentially leading to its disclosure. | Set no_log: true | https://app.opencve.io/cve/CVE-2024-8775 |
| 3 | CVE-2021-38969 | 11/5/2022 | 17/9/2024 | IBM Spectrum Virtualize 8.2, 8.3, and 8.4 | Privilege Escalation | 9.8 | This vulnerability may allow an attacker to gain unauthorized access due to reuse of support-generated credentials, which could lead to a security breach of access to the system. | Update to version 8.5.0.0 or later. | https://app.opencve.io/cve/CVE-2021-38969 |
| 4 | CVE-2018-0809 | 15/2/2018 | 17/9/2024 | Windows kernel for Windows 10 versions 1703 and 1709 and Windows Server version 1709 | Elevation of Privilege Vulnerability | 7.0 | In the Windows kernel of Windows 10 versions 1703 and 1709 and Windows Server version 1709, there is an Elevation of Privilege Vulnerability due to the insecure way objects in memory are handled. | Update security patches to the latest version. | https://app.opencve.io/cve/CVE-2018-0809 |
| 5 | CVE-2024-6508 | 21/08/2024 | 17/09/2024 | Redhat | Cross-Site Request Forgery | 8 | An insufficient entropy vulnerability discovered in the OpenShift Console is related to the use of the OAuth2 protocol, specifically in the authorization code and implicit grant types. It could allow a Cross-Site Request Forgery (CSRF) attack if the state parameter is insufficiently used, which could allow logging in to the victim's account in the current application using a third-party account without any restrictions. | There is no mitigation or prevention method yet. | https://app.opencve.io/cve/CVE-2024-6508 |
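The weakness behind CVE-2024-6508 (row 5) is an OAuth2 state parameter that is not unpredictable enough to tie the callback to the session that started the login. The following example, added here and not taken from the OpenShift project or from the advisory, shows the client-side pattern that closes this gap: generate the state from the OS CSPRNG, bind it to the server-side session, and accept a callback only if its state matches and has not been used before. The session store is a plain dict standing in for a web framework's session, the authorization URL and client parameters are placeholders, and the callback URLs in the usage are constructed.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder authorization endpoint (assumed; not from the advisory).
AUTHORIZE_URL = "https://idp.example.test/oauth/authorize"
STATE_BYTES = 32  # 256 bits of CSPRNG output per state value


def build_authorization_request(session: dict, client_id: str, redirect_uri: str) -> str:
    """Create the redirect to the authorization server with a fresh state.

    The state is drawn from secrets (the OS CSPRNG), not from a timestamp,
    counter or short random number, and is stored in the server-side session
    so the callback can be matched to the browser session that started it.
    """
    state = secrets.token_urlsafe(STATE_BYTES)
    session["oauth_state"] = state
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
    }
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def validate_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the callback belongs to this session.

    The stored state is removed on first use, so a replayed callback (or a
    callback for a login the victim never started) is rejected even if it
    carries a well-formed code.
    """
    expected = session.pop("oauth_state", None)
    query = parse_qs(urlparse(callback_url).query)
    received = query.get("state", [None])[0]
    code = query.get("code", [None])[0]
    if expected is None or received is None or code is None:
        raise ValueError("callback is missing a bound state or an authorization code")
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected, received):
        raise ValueError("state mismatch: callback not bound to this session (possible CSRF)")
    return code


def callback_is_valid(session: dict, callback_url: str) -> bool:
    """Convenience wrapper for places that only need an accept/reject decision."""
    try:
        validate_callback(session, callback_url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed walk-through: a legitimate login, then a forged callback.
    sess = {}
    url = build_authorization_request(sess, "demo-client", "https://app.example.test/cb")
    print("redirect browser to:", url)
    good_cb = f"https://app.example.test/cb?code=AUTHCODE123&state={sess['oauth_state']}"
    print("legitimate callback accepted, code =", validate_callback(sess, good_cb))

    victim = {}
    build_authorization_request(victim, "demo-client", "https://app.example.test/cb")
    forged_cb = "https://app.example.test/cb?code=ATTACKER_CODE&state=1234"
    print("forged callback accepted?", callback_is_valid(victim, forged_cb))
```

The check is only as strong as the state's unpredictability and its binding to the session: a state that is long but guessable (a timestamp, a sequence number) or one that is generated but never compared gives the same CSRF exposure the advisory describes.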
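For CVE-2024-8775 (row 2) the fix is a one-line setting, but in a large playbook the risk is the task you forgot. The check below is an added example, not Ansible's or Red Hat's code: it walks a parsed playbook task list, reports every include_vars task (short or fully qualified name) that lacks no_log: true, including tasks nested in block, rescue and always sections, and returns a hardened copy with the flag set. The sample tasks are constructed Python dicts equivalent to what a YAML loader would produce, so the script runs without PyYAML; the file names in them are placeholders.

```python
import copy

# Constructed sample, mirroring a playbook's task list as yaml.safe_load would return it.
# YAML equivalent of the first task:
#   - name: Load DB credentials from vault
#     ansible.builtin.include_vars:
#       file: vault.yml          # no no_log -> secrets can appear in output/logs
SAMPLE_TASKS = [
    {"name": "Load DB credentials from vault",
     "ansible.builtin.include_vars": {"file": "vault.yml"}},
    {"name": "Load API keys", "include_vars": "secrets/api.yml", "no_log": True},
    {"name": "Install web server", "ansible.builtin.apt": {"name": "nginx"}},
    {"name": "Provision with recovery",
     "block": [{"name": "Nested vault load", "include_vars": "vault2.yml"}],
     "rescue": [{"name": "Report failure", "ansible.builtin.debug": {"msg": "failed"}}]},
]

# Both spellings of the module named in the advisory.
VAR_LOADING_MODULES = {"include_vars", "ansible.builtin.include_vars"}
NESTED_SECTIONS = ("block", "rescue", "always")


def find_unprotected_var_loads(tasks):
    """Return (task name, module) for each include_vars task without no_log: true."""
    findings = []
    for task in tasks:
        modules = VAR_LOADING_MODULES.intersection(task)
        # no_log must be literally true; "yes"-style strings are left for the linter's
        # caller to decide, so anything other than True is flagged.
        if modules and task.get("no_log") is not True:
            findings.append((task.get("name", "<unnamed>"), next(iter(modules))))
        for section in NESTED_SECTIONS:
            if isinstance(task.get(section), list):
                findings.extend(find_unprotected_var_loads(task[section]))
    return findings


def harden_var_loads(tasks):
    """Return a deep copy of the task list with no_log: true on every include_vars task."""
    hardened = copy.deepcopy(tasks)

    def walk(task_list):
        for task in task_list:
            if VAR_LOADING_MODULES.intersection(task):
                task["no_log"] = True
            for section in NESTED_SECTIONS:
                if isinstance(task.get(section), list):
                    walk(task[section])

    walk(hardened)
    return hardened


if __name__ == "__main__":
    for name, module in find_unprotected_var_loads(SAMPLE_TASKS):
        print(f"UNPROTECTED: task '{name}' uses {module} without no_log: true")
    fixed = harden_var_loads(SAMPLE_TASKS)
    print("remaining after hardening:", find_unprotected_var_loads(fixed))
```

In practice the task list comes from `yaml.safe_load` over each play's `tasks`, `pre_tasks`, `post_tasks` and included task files; the walk logic is the same. Note that no_log suppresses the task's output only, so vaulted values echoed by a later debug task still need the same flag.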
Malware News or Campaign IOC/IOA
| No | Campaign Name | Detection Date | Attack Type | Description | Mitigation/Remediation |
|---|---|---|---|---|---|
| 1 | Blind Eagle Targets Colombian Insurance Sector with Customized Quasar RAT | 09/09/2024 | Phishing, malware | In August 2024, the hacker group known as "Blind Eagle" targeted an insurance company in Colombia. The attack involved two primary methods: phishing and malware. The phishing component consisted of fraudulent emails that appeared to be from reputable sources such as banks or other trusted entities, designed to deceive recipients into disclosing sensitive information. Concurrently, the group deployed malware, malicious software concealed within files or websites, to infiltrate the victims' systems and access critical company data, including personal information of customers such as insurance details and financial records. As a result of this attack, the insurance company experienced operational disruptions and faced significant risks related to the exposure or misuse of customer data, potentially leading to financial repercussions and a loss of customer confidence. | 1. Implement training programs to enhance knowledge and awareness of phishing and malware threats. 2. Consistently apply patches and updates to software to address and rectify security vulnerabilities. 3. Activate Multi-Factor Authentication (MFA) for accessing systems and sensitive data. |
Ref: https://thehackernews.com/2024/09/blind-eagle-targets-colombian-insurance.html
01 October 2024