
Microsoft: Iranian Hackers Actively Exploiting Windows Zerologon Flaw


Microsoft today warned that the Iranian-backed MuddyWater cyber-espionage group was observed using ZeroLogon exploits in multiple attacks during the last two weeks.

The ongoing attacks exploiting the critical 10/10 rated CVE-2020-1472 security flaw were spotted by Microsoft’s Threat Intelligence Center.

“MSTIC has observed activity by the nation-state actor MERCURY using the CVE-2020-1472 exploit (ZeroLogon) in active campaigns over the last 2 weeks,” Microsoft warned earlier today. “We strongly recommend patching.”

The company issued a similar warning last month, on September 23, urging IT admins to apply the security updates issued as part of the August 2020 Patch Tuesday to defend against attacks using public ZeroLogon exploits.

A week later, Cisco Talos also warned of “a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon.”


The Windows Server Zerologon vulnerability

Zerologon is a critical security flaw that, when successfully exploited, lets an attacker elevate privileges to domain administrator, take control of the entire domain, change any user’s password, and execute any command.

Microsoft is rolling out the fix for Zerologon in two stages, since it can cause some of the affected devices to experience authentication issues.

The first stage, released on August 11, makes Active Directory domain controllers require secure RPC for Windows devices and domain controller accounts, and logs authentication requests from non-Windows devices that still use an unsecured Netlogon channel, so that admins can fix or replace the affected devices.

Starting with the February 2021 Patch Tuesday updates, Microsoft will release another update that enables enforcement mode, which requires all network devices to use secure RPC unless an admin has specifically allowed an exception.

On September 29, Microsoft clarified the steps admins should take to protect devices against ongoing attacks using Zerologon exploits.

The update plan outlined by Microsoft at the time includes the following actions:

  1. UPDATE your Domain Controllers with an update released August 11, 2020 or later.
  2. FIND which devices are making vulnerable connections by monitoring event logs.
  3. ADDRESS non-compliant devices making vulnerable connections.
  4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.
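The four steps above, worked through as an added PowerShell example that is not code from the original article or from Microsoft. The event IDs 5827-5831, the FullSecureChannelProtection registry value and the Group Policy name are the ones Microsoft documents for CVE-2020-1472 (KB4557222); the 14-day lookback, the CSV report path, the patch-date heuristic and the function names are this example's own assumptions. Run it elevated on each domain controller.

```powershell
# Added example (not from the original article or from Microsoft): work through the
# Zerologon update plan on a domain controller.
# Assumed: 14-day lookback, CSV path, function names. Documented by Microsoft:
# event IDs 5827-5831, FullSecureChannelProtection, the Group Policy name.

$LookbackDays = 14
$ReportPath   = "$env:TEMP\netlogon-vulnerable-clients.csv"
$NetlogonKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

# Step 1 (UPDATE): a DC that never logs 5827-5831 may simply be unpatched, because
# DCs without the August 2020 update do not know these event IDs. This is a
# heuristic check on the most recent installed update; confirm against Windows Update.
function Test-NetlogonPatchPresent {
    $last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    return ($null -ne $last) -and ($last.InstalledOn -ge [datetime]'2020-08-11')
}

# Step 2 (FIND): pull Netlogon secure-channel events from the System log.
#   5827 / 5828  vulnerable connection DENIED  (machine account / trust account)
#   5829         vulnerable connection ALLOWED (initial deployment phase only)
#   5830 / 5831  vulnerable connection ALLOWED because of the Group Policy exception
function Get-VulnerableNetlogonClients {
    param([int]$Days = $LookbackDays)
    $filter = @{
        LogName   = 'System'
        Id        = 5827, 5828, 5829, 5830, 5831
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # The event body carries "Machine SamAccountName: HOST$" or "Trust SamAccountName: ..."
        $account = if ($e.Message -match 'SamAccountName:\s*(\S+)') { $Matches[1] } else { '<unknown>' }
        $os      = if ($e.Message -match 'Machine Operating System:\s*(.+)') { $Matches[1].Trim() } else { '' }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Account = $account
            OS      = $os
            Outcome = if ($e.Id -in @(5827, 5828)) { 'Denied' } else { 'Allowed' }
        }
    }
}

# Step 3 (ADDRESS): one row per device, so each non-compliant system can be
# patched, reconfigured to use secure RPC, or explicitly exempted through the policy
# "Domain controller: Allow vulnerable Netlogon secure channel connections".
function Write-VulnerableClientReport {
    $rows = @(Get-VulnerableNetlogonClients)
    $summary = $rows | Group-Object Account | ForEach-Object {
        [pscustomobject]@{
            Account  = $_.Name
            Events   = $_.Count
            LastSeen = ($_.Group | Sort-Object Time -Descending | Select-Object -First 1).Time
            OS       = ($_.Group | Where-Object OS | Select-Object -First 1).OS
        }
    }
    $summary | Sort-Object Events -Descending | Export-Csv -Path $ReportPath -NoTypeInformation
    return $summary
}

# Step 4 (ENABLE): enforcement mode. Any device still logging 5829 will be cut off
# once this is set, so refuse unless the report is clean or -Force is given.
function Enable-NetlogonEnforcement {
    param([switch]$Force)
    $stillAllowed = @(Get-VulnerableNetlogonClients | Where-Object { $_.EventId -eq 5829 })
    if ($stillAllowed.Count -gt 0 -and -not $Force) {
        $n = @($stillAllowed | Select-Object -ExpandProperty Account -Unique).Count
        Write-Warning "$n account(s) still make vulnerable connections; fix them or rerun with -Force"
        return $false
    }
    # FullSecureChannelProtection = 1 puts this DC into enforcement mode ahead of the
    # February 2021 update that makes it the default.
    New-ItemProperty -Path $NetlogonKey -Name 'FullSecureChannelProtection' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    return (Get-ItemProperty -Path $NetlogonKey).FullSecureChannelProtection -eq 1
}

# Usage, on each DC:
if (-not (Test-NetlogonPatchPresent)) { Write-Warning 'No update from 2020-08-11 or later found; patch first.' }
Write-VulnerableClientReport | Format-Table -AutoSize
# Enable-NetlogonEnforcement        # run only after the report above is empty
```

The registry value and the policy exception are per domain controller, so the report and the enforcement switch have to be applied on every DC, not just one; devices that still appear with event 5829 after the fleet is patched are the non-Windows or third-party systems the article's step 3 refers to.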

MERCURY – Iranian cyber-espionage group

MERCURY (also tracked as MuddyWater, SeedWorm, and TEMP.Zagros) is an Iranian-backed hacking group first spotted in 2017 [12] and active since at least May 2017.

The group is known for mainly targeting Middle Eastern and Asian entities, with most of their attacks being focused on organizations in the telecommunications, government (IT services), and oil industry sectors.

Despite being a relatively new APT group, MERCURY is very active, having made 131 victims between late-September and mid-November 2018 as detailed by a Symantec report.

The MERCURY hackers were also seen expanding their attacks to defense and government entities in Central and Southwest Asia, as well as numerous privately-held and public companies from North America, Europe, and Asia [1, 2, 3].
