Weekly threat roundup: SolarWinds-style hack, macOS Big Sur, Telegram

Pulling together the most dangerous and pressing flaws that businesses need to patch

Patch management is far easier said than done, and security teams may often be forced into prioritising fixes for several business-critical systems, all released at once. It’s become typical, for example, to expect dozens of patches to be released on Microsoft’s Patch Tuesday, with other vendors also routinely getting in on the act.

Below, IT Pro has collated the most pressing disclosures from the last seven days, including details such as a summary of the exploit mechanism, and whether the vulnerability is being exploited in the wild. This is in order to give teams a sense of which bugs and flaws might pose the most dangerous immediate security risks.

Irretrievable data loss in macOS Big Sur

Apple has patched a programming bug in its flagship macOS Big Sur operating system that could lead to users being locked away from their data during a major software upgrade.

Usually, before any Mac device undergoes a significant OS update, the installation software performs a check for how much free hard disk space is available. In versions 11.2 and 11.3 of Big Sur, however, the check didn’t work as intended, according to Mr Macintosh, meaning the upgrade started even if users only had a few megabytes of space remaining.

The installer would eventually get stuck in a boot loop as it tried and failed to complete the installation. For users with Mac devices fitted with the T2 security chip and FileVault 2 encryption enabled, the problem was made worse, as this potent combination would permanently lock them out of their hard disk due to a failure to accept correct passwords in the recovery prompts following the installation process.

Centreon hit by SolarWinds-style supply-chain attack

French authorities have uncovered a wide-reaching supply-chain attack targeting several major organisations by hackers who compromised Centreon, an enterprise IT platform.

Centreon describes itself as a firm offering IT monitoring services that provide visibility to complex IT workflows from the cloud to the edge, with its customers including Airbus and Orange. The ANSSI cyber security agency claimed the hackers mainly targeted IT providers, and web hosting companies specifically.

The attack, which bears striking similarities to the devastating SolarWinds attack disclosed a few months ago, was orchestrated by alleged Russian cyber criminals, based on early evidence uncovered by investigators. One backdoor, for example, was identical to the Exaramel backdoor previously linked with the Russian TeleBots threat group.

Telegram patches major security holes

More than a dozen major vulnerabilities that could be triggered by remote hackers were fixed in the Telegram messaging service last year, according to a security researcher.

These 13 memory corruption flaws could have allowed attackers to send malicious animated stickers to users in order to gain access to their private messages, photos and video clips, if successfully exploited.

The leading WhatsApp alternative has now fixed all 13 flaws identified by the vulnerability researcher known as Polict, in three updates released across September and October for the Android, iOS, and macOS apps.

QNAP’s Surveillance Station vulnerable to exploitation

QNAP has patched a critical security flaw in its Surveillance Station app that, if exploited, could allow hackers to execute malicious code remotely on network-attached storage (NAS) devices running the software.

This app functions as a surveillance management system and can connect with up to 12 internet protocol (IP) cameras. However, It was found to be embedded with a stack-based buffer overflow vulnerability tracked as CVE-2020-2501, that meant NAS devices managed by the app were vulnerable to remote attack.

QNAP has now patched this bug, alongside fixing a separate cross-site scripting (XSS) flaw in its Photo Station app. This XSS flaw, which could’ve allowed hackers to inject malicious code into the service, was tagged CVE-2020-2502 and rated ‘medium’ in severity.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
FBI shuts down web shells in hacked Exchange servers
cyber security

FBI shuts down web shells in hacked Exchange servers

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021
Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021