Welcome to this week's Security Bulletins where we discuss the highlights in the security industry.
The Mozilla Open Source Support Program (MOSS), in its security audit, revealed a 7-year-old critical Remote Code Execution vulnerability in the popular macOS terminal application iTerm2. The flaw lies in iTerm2's tmux integration feature and has been assigned CVE-2019-9535. The iTerm2 developers have released a patch in version 3.3.6 and have asked users to upgrade to the latest version to be protected against this vulnerability.
In a recent post on the SANS InfoSec Community Forums, a researcher called Brad analysed the information-stealer malware Vidar. Unlike other analyses, this one focused on the data exfiltrated by the malware. The malware was being served in the form of a Word document. He ran the document in a sandbox to observe its traffic and noticed a zip file being sent to the command-and-control (CnC) server. On further analysis, the zip file turned out to contain screenshots and password information, which is typical of such malware.
If you have ever peeked at the rules behind malware scan engines, you might have heard of YARA rules. YARA rules are used by anti-malware programs to identify malicious files by matching certain characteristics in them. Victor Alvarez of VirusTotal originally developed YARA, and it is now widely used in malware research and detection. Earlier this week a new version of YARA was released, which comes with some welcome changes, including several bug fixes and added functionality for the xor modifier.
The Unix sudo utility is now a hot topic in the security industry, but unfortunately not in a good way. If you are unfamiliar with it, sudo is a utility for assigning privileges to users so they can run commands as other users, including the superuser "root". This vulnerability lets users who have the "ALL" keyword in their Runas specifier execute commands as root even though they have not been granted that privilege. It has been assigned CVE-2019-14287, and users are advised to upgrade the sudo package, as all versions before 1.8.28 are affected.
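As an added example that is not part of the bulletin, the following POSIX shell checks flag a sudo build older than 1.8.28 and list the sudoers rules whose Runas specifier contains the ALL keyword; the sudoers content embedded below is constructed, and the `%admin`, `deploy` and `carol` rules are assumed sample entries.

```shell
#!/bin/sh
# Added defender-side checks for CVE-2019-14287 (example code, not from the bulletin):
# 1) is the installed sudo older than 1.8.28, the first fixed release?
# 2) which sudoers rules carry a Runas specifier that contains the ALL keyword?

# Extracts the version from the first line of `sudo -V` ("Sudo version 1.8.27p1").
sudo_version_from_banner() {
    sed -n 's/^Sudo version \([^ ]*\).*/\1/p' | head -n 1
}

# Returns 0 (true) when version $1, e.g. "1.8.27p1", is older than 1.8.28.
sudo_version_is_vulnerable() {
    v=$1
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}      # drop suffixes such as "p1" or "-1ubuntu1"
    [ -n "$patch" ] || patch=0
    if [ "$major" -lt 1 ]; then return 0; fi
    if [ "$major" -gt 1 ]; then return 1; fi
    if [ "$minor" -lt 8 ]; then return 0; fi
    if [ "$minor" -gt 8 ]; then return 1; fi
    [ "$patch" -lt 28 ]
}

# Reads sudoers text on stdin and prints the non-comment rules whose
# parenthesised Runas list contains the keyword ALL, e.g. "(ALL)" or "(ALL:ALL)".
runas_all_rules() {
    grep -vE '^[[:space:]]*#' |
        grep -E '\(([^)]*[^[:alnum:]_])?ALL([^[:alnum:]_][^)]*)?\)'
}

# Constructed sample sudoers content; the %admin, deploy and carol rules are made up.
SAMPLE_SUDOERS='root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
deploy  ALL=(www-data) /usr/bin/systemctl restart nginx
carol   ALL=(ALLEN) /bin/true
# (ALL) inside a comment must not be reported'

# Demo on the constructed data; on a real host feed `sudo -V` and the sudoers file instead.
for ver in 1.8.27 1.8.28 1.8.28p1 1.9.0; do
    if sudo_version_is_vulnerable "$ver"; then echo "sudo $ver: affected"; else echo "sudo $ver: fixed"; fi
done
printf '%s\n' "$SAMPLE_SUDOERS" | runas_all_rules
```

On a live system, pipe `sudo -V` into `sudo_version_from_banner` and the sudoers file (read as root) into `runas_all_rules`; the rule check only finds candidates to review, it does not prove a rule is exploitable.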