Security Snacks #19 – CVE trends, Faulty ShareIt & Centreon hack

Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.

Grab a coffee to go with these #SecuritySnacks! As an entrée, we have unpatched remote code execution on a popular Android app. French companies hacked via a “simili supply chain” attack serve as the main dish. And for dessert, there’s a delicious analysis of CVEs to help organizations with vulnerability management and prioritization.

Notable Security News

IT services firm Centreon downplays reports of backdoor software vulnerabilities linked to Russian hacking group Sandstorm

France’s National Agency for the Security of Information Systems (ANSSI) discovered two backdoors in outdated versions of the monitoring software Centreon. The software was used by several French companies that were breached as a result. The attack (attributed to Russia’s Sandstorm APT) went undetected for three years, but it only impacted obsolete open-source versions of the software, not Centreon customers (so, it’s like a supply chain attack… but not exactly!).

“ShareIt” Android app with over a billion downloads is a security nightmare

Trend Micro disclosed several critical vulnerabilities in ShareIt, a popular Android app for file sharing with 1.8 billion users worldwide. The bugs can be exploited to steal users’ sensitive data and run arbitrary code on their device. They remain unpatched as the vendor did not respond in 90 days.

Microsoft Internal Solorigate Investigation – Final Update

Microsoft completed its Solorigate investigation and shared new details (pertaining to the source code that was breached) and insights on how to turn the page. In an unrelated interview, Microsoft’s president announced that the attack involved 1,000+ developers! According to the White House, 100 companies were hit, but more may be impacted, as each compromised company can serve as a foothold for new attacks.

Measuring risk: Organizations urged to choose defense-in-depth over CVE whack-a-mole

Redscan analyzed more than 18,000 Common Vulnerabilities and Exposures (CVEs) published in 2020. The resulting findings are interesting for organizations that want to improve vulnerability management and better understand the threat landscape.

Web shell attacks continue to rise

Microsoft reported that the number of Web shells used in attacks almost doubled in a year. Their typical usage (to get persistence after exploiting other vulnerabilities) is explained, along with insights into their detection challenges and mitigations.

Other Interesting News

Cybercrime

Vulnerabilities

Misc.