Security Snacks #21 – Spectre’s comeback, Exchange zero-days & Risky JSON parsing and Go packages

By Anna Hammond

March 5, 2021

Security Snacks is a weekly digest of the most notable InfoSec news.
Its purpose is to provide a one-stop source for getting a high-level view of the state of security and hacking.

Click here to subscribe

This week in #SecuritySnacks: Microsoft Exchange Server has four zero-days to urgently patch, the Spectre vulnerability is making a come back, JSON parsing and Go packages have risks you probably want to know if you use them!

Notable Security News

Microsoft fixes four zero-day flaws in Exchange Server exploited by China’s ‘Hafnium’ spies to steal victims’ data

Microsoft detected and patched four zero-days that were used to attack on-premise versions of Exchange Server. The attack is attributed “with high confidence” to Hafnium, a Chinese state-sponsored group. It was initially thought to be targeted but Huntress researchers discovered several victims, indicating that the Microsoft Exchange Server breaches are more widespread than originally though.

Suspicious finds: Researcher discovers Go typosquatting package that relays system information to Chinese tech firm

Developers, beware of malicious Go packages! A GitLab security engineer analyzed Go packages available on Github and Gitlab, in the light of all the recent supply chain attacks. They arrived to the conclusion that Go is less exposed than other languages and the recently published “Dependency confusion” attack technique isn’t an issue for Go. However, it is not totally safe from typosquatting attacks as shown by some 7 suspicious packages identified during the research.

First Fully Weaponized Spectre Exploit Discovered Online

A French researcher discovered the first working Spectre exploits (for Windows and Linux) leaked on VirusTotal. They are suspected to be modules for CANVAS, a penetration testing tool by Immunity Inc. This is a reminder to patch against this three-year-old vulnerability before threat actors copy the exploits and adapt them to attack unpatched systems.

Accellion Attack Involved Extensive Reverse Engineering

Following Accellion’s FTA hack, FireEye’s Mandiant was tasked with assessing the software. This is a report of their findings including technical details on how the attack was performed and its level of sophistication.

On a related note, Cybersecurity firm Qualys was also added to the list of Accellion hacks victims.

Research: How JSON parsers can create security risks when it comes to interoperability

Bishop Fox researchers analyzed 49 JSON parsers and found that for each language, at least one parser had weaknesses that could break business logic or lead to injection vulnerabilities. Knowing of these issues is important for developers and defenders, as parsing inconsistencies are more and more common across different technologies.

Other Interesting News






You may also like