Linux glibc security glitch / Fortinet 0-day / New AdLoad malware variant

Welcome to Security Center – our weekly update on the most devastating cyberattacks, high-severity vulnerabilities, and biggest data leaks – precisely selected by our editors.

Don’t miss it out! Sign up now and have it delivered to your inbox each Monday to start a week safe and sound. Additionally, you will receive a portion of the hottest company news and access to selected technical articles written by our experts with advice and tricks for more effective protection of your IT infrastructure.

In the meantime, let’s check what happened in the cyber-world last week.

Linux glibc security fix created a nastier Linux bug

When a glibc library’s fix was made in early June for a relatively minor problem, CVE-2021-33574, it created an even bigger one (CVE-2021-38604). In this particular case, the fix contained an even nastier bug. The new vulnerability could cause a situation where a segmentation fault could be triggered within the library. This can lead to any application using the library crashing and would cause a Denial-of-Service issue. Glibc library is the second important thing after the kernel itself. Every Linux application including interpreters of other languages (python, PHP) is linked with glibc, so the bug impact is quite high. The Linux distributors are still working out the best way to deploy the fix. In the meantime, users should upgrade to the newest stable version of glibc 2.34 or higher.

Read more

Fortinet delays patching zero-day allowing remote server takeover

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (versions 6.3.11 and earlier) until the end of August. The issue has been discovered in June 2021 and is quite serious. Successful exploitation could lead to executing arbitrary commands as the root user on the underlying system via the SAML server configuration page. This means an attacker could take complete control of the affected device, with the highest possible privilege. A hacker might then install a persistent shell, crypto mining software, or use the compromised platform to reach into the affected network beyond the DMZ. For now, admins are advised to block access to the FortiWeb device’s management interface from untrusted networks (i.e., the Internet).

Read more

New AdLoad variant bypasses Apple’s security defenses to target macOS systems

The new AdLoad malware iteration continues to impact Mac users who rely solely on Apple’s built-in security control XProtect for threat detection. After getting around the protection incorporated by Apple, the malware installs a persistence agent, which, in turn, triggers an attack chain to deploy malicious droppers – signed with a valid signature using developer certificates – that masquerade as a fake to install malware. For those who still think that the built-in tool XProtect is fully sufficient, please take into consideration that hundreds of unique samples of a well-known adware variant have been circulating for at least 10 months and yet they still remain undetected by Apple’s malware scanner. If it does not demonstrate the necessity of adding further endpoint security controls to Mac devices, I don’t know what else does… 

Read more

More IT security must-reads

  1. T-Mobile data breach (Krebs on Security: Part 1 | Part 2)
  2. Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices (The Hacker News)
  3. Malware dev infects own PC and data ends up on intel platform (Bleeping Computer)
  4. Millions of IoT devices, baby monitors open to audio, video snooping (HackRead)
  5. Liquid cryptocurrency exchange loses $94 million following hack (Bleeping Computer)
  6. GitHub Encourages Users to Adopt Two-Factor Authentication (Security Week)
  7. Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers (Bleeping Computer)