FireEye has an interesting article on how attackers prefer an interactive RDP session for lateral movement within an organisation over non-graphical interfaces. To get past firewalls that block RDP, attackers tunnel the RDP session over SSH, which is often allowed through, so the RDP traffic never appears on the network as RDP. Prevention includes routing all RDP initiation through central jump boxes; detection includes monitoring for unusual source/target connection pairs.
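The detection side of that advice, as an added example that is not from the FireEye article or this digest: a small scanner over Windows Security log records that flags successful RemoteInteractive (RDP, logon type 10) logons whose source is not one of the sanctioned jump boxes. Assumptions are marked in the code: the jump host list, the flattened JSON-lines export format, the sample records (constructed, not real telemetry), and the rule that a loopback source address on an RDP logon means the RDP client was a local port-forwarder rather than a remote workstation.

```python
"""Flag RDP logons that did not come from a jump host. Added example; not
FireEye's or this newsletter's code."""
import ipaddress
import json
from typing import Dict, List, Optional

# Assumption: the organisation's central jump boxes, the only hosts that should
# originate interactive RDP sessions.
JUMP_HOSTS = {"10.0.5.10", "10.0.5.11"}

# Constructed Security-log records in a flattened JSON-lines form (assumption about
# the export format; field names follow the 4624 event's XML). Not real telemetry.
SAMPLE_EVENTS = """\
{"EventID": 4624, "LogonType": 10, "IpAddress": "10.0.5.10", "TargetUserName": "jsmith", "Computer": "FS01"}
{"EventID": 4624, "LogonType": 3, "IpAddress": "10.0.20.17", "TargetUserName": "svc-backup", "Computer": "FS01"}
{"EventID": 4624, "LogonType": 10, "IpAddress": "127.0.0.1", "TargetUserName": "administrator", "Computer": "WS042"}
{"EventID": 4624, "LogonType": 10, "IpAddress": "10.0.20.33", "TargetUserName": "jsmith", "Computer": "WS042"}
{"EventID": 4625, "LogonType": 10, "IpAddress": "10.0.20.33", "TargetUserName": "jsmith", "Computer": "WS042"}
"""


def classify_rdp_logon(event: Dict) -> Optional[str]:
    """Return a finding for a successful RemoteInteractive (RDP) logon, or None.

    Only EventID 4624 with LogonType 10 is in scope: network logons (type 3) and
    failed logons (4625) are ignored here.
    """
    if event.get("EventID") != 4624 or event.get("LogonType") != 10:
        return None
    host, user, src = event.get("Computer", "?"), event.get("TargetUserName", "?"), event.get("IpAddress", "")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return f"{host}: RDP logon for {user} with unparseable source '{src}'"
    # Assumption: an RDP session whose client address is loopback was handed to
    # the RDP service by a process on the same host (e.g. an SSH port-forwarder),
    # which is exactly what a tunnelled session looks like from the target.
    if addr.is_loopback:
        return (f"{host}: RDP logon for {user} from loopback; the RDP client is local "
                "to this host, consistent with a port-forwarding tunnel")
    if src not in JUMP_HOSTS:
        return f"{host}: RDP logon for {user} from {src}, which is not a jump host"
    return None


def scan(log_text: str) -> List[str]:
    """Run classify_rdp_logon over every JSON-lines record and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        finding = classify_rdp_logon(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print("ALERT", f)
```

On the sample data this reports two of the five records: the loopback-sourced administrator logon on WS042 and the workstation-to-workstation logon from 10.0.20.33. The same rule ports directly to a SIEM query; the point is that once all legitimate RDP goes through jump boxes, any other source is a finding rather than noise.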
New Zealand’s Computer Emergency Response Team, CERT NZ, has released its top 10 critical controls list for organisations. Two new controls this year, “implementing network segmentation” and “manage cloud authentication”, have replaced “removing legacy systems” and “managing BYOD devices”. Its number 1 control recommendation is enforcing MFA.
CISA has issued its first Emergency Directive to US Federal agencies, requiring them to mitigate DNS infrastructure tampering. The directive responds to research from FireEye; CISA describes the attack as “roughly equivalent to someone lying to the post office about your address, checking your mail, and then hand delivering it to your mailbox”. Amongst other requirements, the directive mandates a relatively new protective measure: monitoring certificate transparency logs to detect TLS (SSL) certificates issued for agency domains without authorisation (see the free monitoring tool from Facebook as a guide).
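What that certificate transparency check amounts to, as an added example that is neither CISA's nor Facebook's tooling: given the CT entries for a domain, raise an alert for any certificate covering that domain that was issued by a CA the organisation does not use, or that the organisation has no record of requesting. The record layout is an assumption modelled on the JSON that a crt.sh lookup returns; the entries, the monitored domain, the authorised CA list and the certificate inventory are all constructed for the example.

```python
"""Audit certificate-transparency entries for a domain against an allow-list of
CAs and an inventory of certificates the organisation actually requested.
Added example; not CISA's directive tooling or Facebook's CT monitor."""
import json
from typing import Iterable, List, Set, Tuple

# Constructed CT entries. Shape assumed to follow the JSON returned by
# https://crt.sh/?q=<domain>&output=json (issuer_name, name_value, id, not_before);
# the certificates themselves are made up.
SAMPLE_CT_JSON = json.dumps([
    {"id": 1001, "issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA",
     "name_value": "mail.example.gov", "not_before": "2018-11-02T00:00:00"},
    {"id": 1002, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
     "name_value": "mail.example.gov\nwebmail.example.gov", "not_before": "2019-01-14T03:12:41"},
    {"id": 1003, "issuer_name": "C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA",
     "name_value": "*.example.gov", "not_before": "2019-01-20T00:00:00"},
    {"id": 1004, "issuer_name": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
     "name_value": "example.gov.lookalike.test", "not_before": "2019-01-21T00:00:00"},
])


def issuer_org(issuer_name: str) -> str:
    """Pull the O= attribute out of an issuer distinguished name string."""
    for part in issuer_name.split(", "):
        if part.startswith("O="):
            return part[2:]
    return ""


def covers_domain(san: str, domain: str) -> bool:
    """True if a SAN (possibly a wildcard) names the monitored domain or a subdomain of it."""
    san, domain = san.lower().strip(), domain.lower()
    if san.startswith("*."):
        san = san[2:]
    return san == domain or san.endswith("." + domain)


def audit_ct_entries(entries: Iterable[dict], domain: str,
                     authorised_orgs: Set[str], known_ids: Set[int]) -> List[Tuple[int, str]]:
    """Return (entry id, reason) for every certificate covering `domain` that either
    comes from a CA outside `authorised_orgs` or is missing from `known_ids`."""
    findings = []
    for entry in entries:
        sans = [s for s in entry["name_value"].split("\n") if s.strip()]
        if not any(covers_domain(s, domain) for s in sans):
            continue  # somebody else's certificate (including look-alike names): out of scope here
        names = ", ".join(sans)
        org = issuer_org(entry["issuer_name"])
        if org not in authorised_orgs:
            findings.append((entry["id"], f"issued by unauthorised CA '{org}' for {names}"))
        elif entry["id"] not in known_ids:
            findings.append((entry["id"], f"certificate for {names} is not in the inventory of requested certificates"))
    return findings


def run_sample() -> List[Tuple[int, str]]:
    """Audit the constructed entries: the organisation only uses DigiCert and has
    recorded certificate 1001 as requested."""
    return audit_ct_entries(json.loads(SAMPLE_CT_JSON), "example.gov", {"DigiCert Inc"}, {1001})


if __name__ == "__main__":
    for cert_id, reason in run_sample():
        print(f"ALERT ct entry {cert_id}: {reason}")
```

On the sample this flags entry 1002 (a Let's Encrypt certificate for the mail hosts that nobody in the organisation requested, the pattern a DNS hijacker needs in order to terminate TLS for the redirected traffic) and entry 1003 (the right CA, but a wildcard the inventory does not know about), while ignoring 1004 because the look-alike name is not under the monitored domain. Run in a loop against live CT data with the seen ids persisted, the same function becomes the monitor the directive asks for.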
A researcher has published details of how Microsoft Exchange Server can be abused to “escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange”. The write-up also includes mitigation options.
Apple has released iOS 12.1.3. The update resolves a number of vulnerabilities, including several credited to the researcher who claims to have remotely jailbroken the iPhone X. I wonder if the $2 million bounty specifically for this hack was of interest. Either way, update your iOS devices.
7-8 March 2019, London, Identity and Access Management Summit
12-13 March 2019, London, Cloud and Cyber Security Expo
14 March 2019, London, CRESTCon
24-25 April 2019, Glasgow, CYBERUK
25-26 April 2019, London, Cyber Security and Cloud Expo
4-6 June 2019, London, Infosecurity Europe
June 2019, London, Security BSides
October 2019, London, FT Cyber Security Summit Europe
20 November 2019, London, Cyber Security Summit