By Anna Hammond
February 19, 2021
Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.
Grab a coffee to go with these #SecuritySnacks! As a starter, we have unpatched remote code execution in a popular Android app. French companies hacked via a “simili supply chain” attack serve as the main dish. And for dessert, there’s a delicious analysis of CVEs to help organizations with vulnerability management and prioritization.
France’s National Agency for the Security of Information Systems (ANSSI) discovered two backdoors in outdated versions of the IT monitoring software Centreon, which was used by several French companies that were breached as a result. The campaign (attributed by ANSSI to Russia’s Sandworm APT, based on tooling overlaps) went undetected for three years, but it only impacted obsolete open source versions of the software, not Centreon’s commercial customers. So it’s like a supply chain attack… but not exactly: the attackers appear to have compromised exposed, unpatched Centreon servers directly rather than Centreon’s build or update process.
“ShareIt” Android app with over a billion downloads is a security nightmare
Trend Micro disclosed several critical vulnerabilities in ShareIt, a popular Android file-sharing app that claims 1.8 billion users worldwide. The bugs can be exploited to steal users’ sensitive data and run arbitrary code on their devices. They remain unpatched, as the vendor did not respond within the 90-day disclosure window.
Microsoft Internal Solorigate Investigation – Final Update
Microsoft completed its Solorigate investigation and shared new details (including which source code repositories were accessed) along with insights on how to move forward. In a separate interview, Microsoft’s president estimated that the attack involved the work of 1,000+ engineers. According to the White House, around 100 companies were hit, but more may be impacted, since each compromised company can serve as a foothold for new attacks.
Measuring risk: Organizations urged to choose defense-in-depth over CVE whack-a-mole
Redscan analyzed more than 18,000 Common Vulnerabilities and Exposures (CVEs) published in 2020. The resulting findings are interesting for organizations that want to improve vulnerability management and better understand the threat landscape.
Web shell attacks continue to rise
Microsoft reported that the number of web shells used in attacks almost doubled in a year. Their typical usage (gaining persistence after exploiting other vulnerabilities) is explained, along with insights into why they are hard to detect and how to mitigate them.
Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites
Copycats imitate novel supply chain attack that hit tech giants
RIPE NCC discloses failed brute-force attack on its SSO service
3 North Koreans Indicted for Conspiring to Steal $1.3 Billion
Bug in shared SDK can let attackers join calls undetected across multiple apps
SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits
A Windows Defender vulnerability lurked undetected for 12 years
Telegram for macOS failed to self-destruct messages on local devices