CyberSec Roundup
A synopsis of the Latest Cybersecurity News
New Attack to Hack Windows Domain Controllers
French security researcher Topotam discovered a new NTLM relay attack that can be used to take control of Windows domain controllers and other Windows servers. Typically, this kind of attack would use the MS-RPRN printing API, which could be mitigated by disabling Microsoft’s Print Spooler service. The new method, called PetitPotam, instead uses Microsoft’s Encrypting File System Remote Protocol. To mitigate these attacks, Microsoft published a security advisory advising administrators to disable NTLM where it is not needed or to implement Extended Protection for Authentication.
Relief for Kaseya Ransomware Victims
There may be some light on the horizon for some of the Kaseya ransomware victims who were relying on the decryptor for their encrypted files. Last week, Kaseya obtained the universal decryptor for victims of the REvil ransomware attack, and it is using the decryptor to assist any customers who may still need it. This is good news, as some customers who paid the ransom received decryptor keys that weren’t working and were left out in the cold after REvil shut down its operations.
Critical Oracle WebLogic Vulnerability
Oracle’s quarterly patch update addresses a serious vulnerability tracked as CVE-2019-2729. It affects the Oracle WebLogic application server and is a remote code execution vulnerability that could be exploited over a network without the need for a username and password. Customers are asked to urgently update their application servers to avoid potential exploitation.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)