Identity Attack Watch: September 2022

Cyberattacks targeting Active Directory are on the upswing, putting pressure on AD, identity, and security teams to monitor the constantly shifting AD-focused threat landscape. To help IT pros better understand and guard against attacks involving AD, the Semperis Research Team offers this monthly roundup of recent cyberattacks that used AD to introduce or propagate malware.

Poisoning the source – How and why attackers are targeting developer accounts

Most organizations today are software development companies. It doesn’t matter much whether you are building the latest cloud computing services or manufacturing paint: you most likely have a team of software engineers building proprietary systems, and at the very least you rely heavily on commercial software to keep your operation afloat. Therefore, this article doesn’t just concern start-ups with ambitions to change the IT landscape; it affects all organizations.

Private Texts Reveal World’s Rich and Famous Groveling to Elon Musk

As part of Twitter’s lawsuit against Elon Musk over his attempt to renege on acquiring the company for $44 billion, countless of Musk’s text messages were made public and published by the New York Times yesterday. The gang’s all there: tech executives, various podcasters, media executives, and more, all vying for Musk’s attention to pitch ideas about Twitter or other social media companies, or angling for a chance to be part of Musk’s purchase.

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Why Do So Many Data Protection Programs Fail?

If complex operations and administration are hindering your data protection program’s effectiveness, check out our Data Protection Transformed event, where we’ll unveil groundbreaking innovations that will help your program get to where it needs to be.

Vulnerability in tarfile module | Kaspersky official blog

In September 2022, Trellix published a report on a vulnerability in the tarfile module, which is part of the standard library for the Python programming language and can be used by anyone. The vulnerability allows an arbitrary file to be written to an arbitrary folder on the hard drive, and in some cases it also allows for malicious code execution. What makes this study noteworthy is that the problem in tarfile was discovered in August 2007 – just over 15 years ago! But back then it wasn’t considered dangerous. Let’s find out why it wasn’t, and what problems Python developers and their users could face as a result.
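The arbitrary-file-write described above comes from extracting an archive whose member names (or link targets) point outside the destination directory, for example via a leading `/` or `..` components. The following is an added defensive example, not code from the Kaspersky post or the Trellix report: it builds a small tar archive in memory (a constructed sample, including deliberately malformed member names) and refuses to extract any archive containing members that would land outside the chosen directory. The helper names (`unsafe_members`, `safe_extract`, `check_archive`, `build_archive`) and the destination path `/tmp/extract_demo` are this example's own choices.

```python
from __future__ import annotations

import io
import tarfile
from pathlib import Path


def is_within_directory(directory: Path, target: Path) -> bool:
    """True if `target`, once fully resolved, still lies inside `directory`."""
    directory = directory.resolve()
    try:
        target.resolve().relative_to(directory)
        return True
    except ValueError:
        return False


def unsafe_members(archive: tarfile.TarFile, dest: Path) -> list[str]:
    """Return names of members whose extraction would escape `dest`.

    Two escape routes are checked: the member name itself (absolute paths,
    '..' traversal) and symlink/hardlink targets, which can point outside
    `dest` even when the member name looks clean.
    """
    bad = []
    for m in archive.getmembers():
        target = dest / m.name          # Path('/x') / '/abs' yields '/abs', caught below
        if not is_within_directory(dest, target):
            bad.append(m.name)
            continue
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link's own directory;
            # hardlink targets are relative to the archive root.
            link_target = (target.parent / m.linkname) if m.issym() else (dest / m.linkname)
            if not is_within_directory(dest, link_target):
                bad.append(m.name)
    return bad


def safe_extract(archive: tarfile.TarFile, dest: Path) -> list[str]:
    """Extract only if every member stays inside `dest`; returns extracted names."""
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing to extract, members escape {dest}: {bad}")
    archive.extractall(dest)
    return [m.name for m in archive.getmembers()]


def check_archive(data: bytes, dest: str) -> list[str]:
    """Convenience wrapper: open raw tar bytes and report unsafe member names."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        return unsafe_members(tf, Path(dest))


def build_archive(files: dict[str, bytes], symlinks: dict[str, str] | None = None) -> bytes:
    """Constructed sample: build an in-memory tar with the given members.

    Python's tarfile writes member names verbatim, so absolute and '..'
    names survive into the archive exactly as a hostile producer would emit them.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
        for name, linkname in (symlinks or {}).items():
            info = tarfile.TarInfo(name=name)
            info.type = tarfile.SYMTYPE
            info.linkname = linkname
            tf.addfile(info)
    return buf.getvalue()


# Constructed samples: one benign archive and one with three escaping members.
CLEAN = build_archive({"good/readme.txt": b"ok"}, {"good/link": "readme.txt"})
MALICIOUS = build_archive(
    {"good/readme.txt": b"ok", "../../outside.txt": b"x", "/abs/path.txt": b"y"},
    {"good/link": "readme.txt", "escape_link": "../../outside"},
)

if __name__ == "__main__":
    print("clean archive, unsafe members:", check_archive(CLEAN, "/tmp/extract_demo"))
    print("malicious archive, unsafe members:", check_archive(MALICIOUS, "/tmp/extract_demo"))
```

The check resolves each candidate path before comparing it to the destination, so `dest/../../x` and `dest/sub/../../../x` are both caught rather than string-matched. On interpreters that support it, `extractall(dest, filter="data")` (added in Python 3.12 and backported to maintenance releases of 3.8 through 3.11) performs equivalent rejection inside tarfile itself; the explicit pre-check above is useful on older interpreters and as a way to log exactly which members were refused.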

Exchange Server 0-Day Actively Exploited, (Fri, Sep 30th)

In a blog post, Vietnamese security company GTSC noted that they saw evidence of a new ProxyShell-like vulnerability being exploited in the wild. The evidence came from compromised Exchange servers GTSC observed while responding to incidents [1]. Later, Trend Micro confirmed that two vulnerabilities tracked by Trend Micro’s Zero Day Initiative were involved in the compromise described by GTSC [2]. Trend Micro had reported the vulnerabilities to Microsoft about a month earlier.

6 Ways Enterprises Can Secure Private Blockchains

There has been significant growth in organizations deploying private blockchain technology. But despite its reputation, it is essential not to assume a blockchain is secure just because it relies on cryptography. An appropriate security design, with controls that address an organization’s acceptable risk, should be applied and reviewed before deploying a blockchain to a production environment.