Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.

Click here to subscribe

Grab a coffee to go with these #SecuritySnacks! As an entrée, we have unpatched remote code execution on a popular Android app. French companies hacked via a “simili supply chain” attack serve as the main dish. And for dessert, there’s a delicious analysis of CVEs to help organization with vulnerability management and prioritization.

Notable Security News

IT services firm Centreon downplays reports of backdoor software vulnerabilities linked to Russian hacking group Sandstorm

France’s National Agency for the Security of Information Systems (ANSSI) discovered two backdoors in outdated versions of the monitoring software Centreon. It was used by several French companies that were breached as a result. The attack (attributed to Russia’s Sandstorm APT) went undetected for three years, but it only impacted obsolete open source versions of the software not Centreon customers (so, it’s like a supply chain attack… but not exactly!).

“ShareIt” Android app with over a billion downloads is a security nightmare

Trend Micro disclosed several critical vulnerabilities in ShareIt, a popular Android app for file sharing with 1.8 billion users worldwide. The bugs can be exploited to steal users’ sensitive data and run arbitrary code on their device. They remain unpatched as the vendor did not respond in 90 days.

Microsoft Internal Solorigate Investigation – Final Update

Microsoft completed its Solorigate investigation and shared new details (pertaining to source code breached) and insights on how to turn this page. In an unrelated interview, Microsoft’s president announced that the attack involved 1.000+ developers’! According to the White House, 100 companies were hit but more may be impacted as each company compromised can serve as a foothold for new attacks.

Measuring risk: Organizations urged to choose defense-in-depth over CVE whack-a-mole

Redscan analyzed more than 18,000 Common Vulnerabilities and Exposures (CVEs) published in 2020. The resulting findings are interesting for organizations that want to improve vulnerability management and better understand the threat landscape.

Web shell attacks continue to rise

Microsoft reported that the number of Web shells used in attacks almost doubled in a year. Their typical usage (to get persistence after exploiting other vulnerabilities), is explained, along with insights into their detection challenges and mitigations.

Other Interesting News

Cybercrime

• Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites

• Apple M1-native malware has already begun to appear

• Copycats imitate novel supply chain attack that hit tech giants

• RIPE NCC discloses failed brute-force attack on its SSO service

• 3 North Koreans Indicted for Conspiring to Steal $1.3 Billion

Vulnerabilities

• Bug in shared SDK can let attackers join calls undetected across multiple apps

• SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits

• A Windows Defender vulnerability lurked undetected for 12 years

• Telegram for macOS failed to self-destruct messages on local devices

Misc.

• On SolarWinds, Supply Chains and Enterprise Networks

• Centris: New tool helps prevent software supply chain attacks by flagging modified open source components

• CDPA: Virginia’s new Consumer Data Protection Act heralds start of another busy year for US privacy legislators