live casino online

A zero-day vulnerability found in Apple iTunes and iCloud was exploited by cybercriminals to infect Windows computers of an automotive company with the BitPaymer ransomware. The attack was reportedly not detected by antivirus solutions. According to security researchers, the exploited vulnerability was found in the Bonjour component that iTunes and iCloud programs for Windows use to deliver software updates.

[READ: Security 101: Zero-Day Vulnerabilities and Exploits]

The found in Bonjour, which occurs when a file path is left without quote marks, can allow cybercriminals to execute arbitrary code without tipping off antivirus solutions because it resides within a trusted program.?

Because Bonjour is a signed program, cybercriminals took advantage of the unquoted service path vulnerability to run the BitPaymer ransomware that they named ¡°Program.¡± Normally, the Bonjour component runs from the ¡°Program Files¡± folder. BitPaymer also managed to evade cybersecurity detection because it did not have the .exe extension.

[READ: ]

It should be noted that this vulnerability only affects users of iTunes and iCloud on the Windows platform, as with the emergence of . This Windows vulnerability has been patched by earlier this week.

How can users and businesses defend against zero-day attacks?

Given their nature, zero-day attacks are inherently unpredictable and difficult to prepare for and defend against. This is especially true for organizations whose security measures are developed around known and already patched flaws. A proactive, defense-in-depth approach, however, can help mitigate them.

Here are some of the other countermeasures that organizations can adopt to defend against zero-day attacks:

• Regularly update IT infrastructure.?While this may seem like a reactive strategy, applying patches to systems, servers, and networks as soon as they¡¯re available lowers the number of exploits that target them. Accordingly, organizations should also factor zero-days in their?patch management?policies as well as incident response and remediation strategies.
• Secure email gateways, servers, and networks.?Zero-day attacks can take the form of threats that may target different parts of an organization¡¯s online infrastructure ¡ª either to facilitate the execution of malware, deliver payloads, or perform lateral movement ¡ª which is why it¡¯s important to secure them equally.
• Enforce the principle of least privilege.?Many threats abuse legitimate and open-source penetration testing and system administration tools to exploit a vulnerability successfully. Restricting and?securing?their use helps reduce the risks of attackers gaining access to the entire network or system.
• Nurture and practice cybersecurity hygiene.?Fostering a culture of cybersecurity, which includes increasing user?awareness on phishing?attacks, helps just as much as the security solutions that are deployed by the organization.
• Employ multilayered security defenses.?Additional layers of security reduce an organization¡¯s attack surface.?Firewalls?and?intrusion detection and prevention?systems, for instance, help filter malicious traffic and network activities.?Application control?and??prevents dubious executables and malware-related routines from running, while?sandboxes?quarantine suspicious and malicious files.

live casino online solutions

The?live casino online^??Apex One^? security solution¡¯s virtual patching delivers the timeliest vulnerability protection across a variety of endpoints, including point-of-sale (PoS), internet of things (IoT) devices, and systems with end-of-support (EoS) operating systems.?

The?live casino online^??TippingPoint^??Threat Protection System?provides virtual patching and extensive??against network-exploitable vulnerabilities via?Digital Vaccine? filters.

The?live casino online^??Deep Discovery^? solution provides detection, in-depth analysis, and proactive response to attacks using exploits and other similar threats through specialized engines, customized sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect threats even without any engine or pattern update.

?