Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs


SpyCast: Cross-platform mDNS enumeration tool
SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets.

Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered.

To encrypt or to destroy? Ransomware affiliates plan to try the latter
Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool and have spotted a new capability: data corruption.

MS SQL servers are getting hacked to deliver ransomware to orgs
Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned.

3 ways to gauge your company’s preparedness to recover from data loss
Where you store your data backup is nearly as important as creating copies in the first place. Storing your data in the cloud does not mean it is secure.

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

Phishing attacks skyrocketing, over 1 million observed
The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed.

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.

The various ways ransomware impacts your organization
Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense Report.

Making a business case for security in a world of tightening budgets
With talk of a possible recession approaching (if one isn’t already upon us), many businesses are already applying a higher level of scrutiny to spending—even for business-critical costs like cybersecurity.

65% of companies are considering adopting VPN alternatives
Despite high awareness of VPN risks, remote work forced many companies to rely more heavily on legacy access methods during the pandemic. At the same time, cybercriminals continue to take advantage of long-standing security vulnerabilities and increased attacks on VPNs, according to Zscaler’s VPN Risk Report.

3 types of attack paths in Microsoft Active Directory environments
A common question we are asked by clients after deploying is, “Are attack paths in Active Directory this bad for everyone?”

Open source projects under attack, with enterprises as the ultimate targets
Sonatype has found a massive year-over-year increase in cyberattacks aimed at open source projects.

The holy trifecta for developing a secure API
It’s hard to write good API specifications, and since most API gateways use them as IAC, they should be carefully checked for common mistakes.

Introducing the book: Project Zero Trust
In this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book – “Project Zero Trust: A Story about a Strategy for Aligning Security and the Business“.

Multi-platform Chaos malware threatens to live up to its name
Chaos, new multipurpose malware written in the Go programming language, is spreading across the world.

How the CIO’s relationship to IT security is changing
In this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description.

CI Fuzz CLI: Open-source tool simplifies fuzz testing for C++
Fuzz testing helps developers protect their applications against memory corruptions, crashes that cause downtime, and other security issues, including DoS and uncaught exceptions.

The key differences between a business continuity plan and a disaster recovery plan
In this Help Net Security video, Chip Gibbons, CISO at Thrive, illustrates the differences between a business continuity plan and a disaster recovery plan.

Wolfi Linux provides the control needed to fix modern supply chain threats
With Wolfi, developers can start with a secure-by-default foundation that reduces time spent reviewing and mitigating security vulnerabilities and increases productivity.

A personal perspective on investing in cybersecurity
In this Help Net Security video, Nick Kingsbury, Partner at Amadeus Capital Partners, offers a unique perspective on investing in cybersecurity.

Cloud security trends: What makes cloud infrastructure vulnerable to threats?
In this Help Net Security video, Chris Caridi, Strategic Cyber Threat Analyst at IBM X-Force, talks about the findings of the latest IBM Security X-Force Cloud Security Threat Landscape Report.

Embedded IoT security threats and challenges
In this Help Net Security video, Hubertus Grobbel, VP of Security Solutions at Swissbit, discusses the insecurity of IoT devices and offers tips on how to secure them.

The significance of parallel tasks execution for security teams
In this Help Net Security video, Leonid Belkind, CTO at Torq, discusses parallel execution, which enables security operations professionals to execute more tasks simultaneously to enrich, analyze, contain, and resolve security threats.

The current state of cloud security
In this Help Net Security video, Ryan Sydlik, Security Engineer at Telos, explores where cloud security stands today, what challenges remain from the pandemic, and how organizations can address them.

Why zero trust should be the foundation of your cybersecurity ecosystem
For cybersecurity professionals, it is a huge challenge to separate the “good guys” from the “villains”. In the past, most cyberattacks could simply be traced to external cybercriminals, cyberterrorists, or rogue nation-states. But not anymore.

New infosec products of the week: September 30, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Illumio, Malwarebytes, Netography, TransUnion, and Truecaller.

More about

Don't miss