AttackWise cyber security round-up 23 February 2019


In the news

Research, reports, opinions

  • Researchers have shown that it is possible to extract the master password from locked password managers, including KeePass, Dashlane, 1Password, and LastPass.
  • An interesting write-up by Talos on techniques malware uses to evade detection: human-interaction prompts and fake C2 domains that let it recognise sandbox environments.
  • Proof that simple hacks still work: a description of credential-stealing malware called Separ that makes no real attempt to hide its techniques. Targets are sent a .exe file by email; the executable runs Visual Basic scripts that use tools from to dump credentials before uploading them to using a hard-coded username and password.
  • Another example of malware taking a modular approach to downloading its payload, this time using the legitimate remote admin tool Radmin.
  • A trivial example of how to bypass IPS/IDS. When we tested the proof of concept it bypassed Snort IPS without a problem.
  • If you use Office 365 and leverage Pass-Through Authentication (PTA), here is a good reason to protect your AD Connect server to avoid credential harvesting.

Security advisories

  • Cisco has released 18 security advisories in the last week, 7 of which are rated “High”. Affected products include Prime, HyperFlex, and Open Containers.
  • SAP has released its February advisories: 13 in total, 4 with a CVSS score above 8.
  • Adobe has released updates that include a fix for a recently demonstrated issue in which simply opening a file allows NTLM credentials to be captured via SMB.
  • A highly critical vulnerability in the Drupal website CMS.

UK industry events