Perhaps you have recently seen some shocking statistics concerning the prevalence of identity theft, or perhaps you have a close friend who has gone through a terrible and stressful fraud situation. Even worse, you could already be familiar with the terrifying consequences of identity theft. Whatever the situation, you probably feel helpless to take any action to safeguard yourself. You’re not alone; this feeling is widespread.
With the global economy experiencing a slowdown, security teams are feeling the pressure to reduce costs without sacrificing security. But while it's important to be fiscally responsible, making cuts in the wrong areas can put your organization at risk. Malicious actors know that businesses are under even more pressure during times of economic turmoil.
MSPs are being targeted by cybercriminals, as a single successful attack opens the door to multiple victims. This puts additional pressure on cybersecurity partners to step up the security services they offer their customers. The figures are worrying, as 9 out of 10 managed service providers state they have suffered a successful cyberattack since the start of the pandemic. This means MSPs are overtaking end users as the main target of malware, ransomware, phishing and other threats.
Remember the era when we all bought software on DVDs and CDs from stores with literally zero worry about security? Well, the time has changed, and we have gone all digital, including purchasing software where security is at stake. So how does one know if a particular software is legit and hasn’t been accessed by a third party? This is where Code Signing Certificates come to the rescue! So, does one get them?
Abusing a gMSA is relatively simple conceptually. First, get its password using a tool like Mimikatz or by querying it directly due to insecure configurations in Active Directory. Since gMSAs are service accounts, they’re usually relatively privileged, so you’ll usually be able to move laterally or escalate. Let’s walk through an example scenario.
In our previous blog breaking down The 5 Fundamentals of Cloud Security, we discussed the importance of knowing your environment. Teams need to have a comprehensive inventory of their cloud environments to have a clear understanding of the security risks that might exist within. With that in mind, let’s explore the importance of vulnerability prevention and secure design working together to keep threat actors from gaining meaningful access to your organization’s cloud control plane.
A customer posed this question to me recently; after pausing and smiling (a little too) broadly, he continued, “Their lips are moving.” I thought this would be funnier if it weren’t partly true. The software industry has over-promised and under-delivered for years, making technical executives rightfully skeptical when they hear a new promise. Unfortunately, it’s common for software to lack promised features or to create new headaches when deployed across the enterprise.
In a new article for HelpNet Security, Leon Juranic, security research team lead at Mend, states the case for taking proactive defensive steps against a new attack called Evil-Colon. Evil-Colon works similarly to the now defunct Poison-NULL-Byte attacks, and it has the potential to cause severe disruption to your code if not properly addressed. What does all this mean? In a nutshell, it’s possible to exploit applications that are performing path-based operations with user input in various ways.
