System Integrity Protection | Breaking Cybersecurity News | The Hacker News

Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices. Specifically, the flaw – dubbed  Migraine  and tracked as CVE-2023-32369 – could be abused to get around a key security measure called System Integrity Protection ( SIP ), or "rootless," which limits the actions the root user can perform on protected files and folders. "The most straight-forward implication of a SIP bypass is that [...] an attacker can create files that are protected by SIP and therefore undeletable by ordinary means," Microsoft researchers Jonathan Bar Or, Michael Pearse, and Anurag Bohra  said . Even worse, it could be exploited to gain arbitrary kernel code execution and even access sensitive data by replacing databases that manage Transparency, Consent, and Control (TCC) policies. The bypass is made possible by leveraging a built-in macOS tool called  Migrat

A critical zero-day vulnerability has been discovered in all versions of Apple's OS X operating system that allows hackers to exploit the company's newest protection feature and steal sensitive data from affected devices. With the release of OS X El Capitan, Apple introduced a security protection feature to the OS X kernel called System Integrity Protection ( SIP ). The feature is designed to prevent potentially malicious or bad software from modifying protected files and folders on your Mac. The purpose of SIP is to restrict the root account of OS X devices and limit the actions a root user can perform on protected parts of the system in an effort to reduce the chance of malicious code hijacking a device or performing privilege escalation. However, SentinelOne security researcher Pedro Vilaça has uncovered a critical vulnerability in both OS X and iOS that allows for local privilege escalation as well as bypasses SIP without kernel exploit, impacting all versions

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica