Security News > 2022 > May

Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools.

Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. Large organizations use Zyxel products, and any exploitable flaws in them immediately capture the attention of threat actors.

European privacy campaigner Max Schrems is warning that enhancements to the EU-US Privacy Shield data-sharing arrangements might face a legal challenge if negotiators don't take a new approach. In 2020, the European Court of Justice struck down the so-called Privacy Shield after Schrems successfully argued it gave US government agencies access to EU citizens' personal data without commensurate protection.

Python packages are generally updated often as their developers add new functionalities or features, remove bugs or increase stability. An old Python package named "Ctx," not updated since 2014, suddenly came back to life with new updates.

Two Russian internet service providers have received notices from Google that the global caching servers on their network have been disabled. A caching server is an ISP-bound node for serving Google content faster to internet subscribers and maintaining high access reliability even during outages.

Microsoft Defender vs Trellix: EDR software comparison. Microsoft Defender for Endpoint is an endpoint security tool that provides threat alerts and attack mitigation for phishing, malware and ransomware.

NordLayer is not just a client-based VPN tool that you have your employees install and hope they remember to use; it also includes an admin console that lets you keep tabs on whether those employees are using the VPN and which gateways they've connected to. NordLayer also features threat management, network management, 2FA/SSO/biometric authentication, auto-connect, network segmentation, site-to-site dedicated gateways, shared servers, AES 256-bit encryption, ThreatBlock, custom DNS, dedicated IP addresses, jailbroken device detection and smart remote access.

The Industrial Spy data extortion marketplace has now launched its own ransomware operation, in which it also encrypts victims' devices. Last month, we reported on a new data extortion marketplace called Industrial Spy that allowed threat actors, and possibly even business competitors, to purchase data stolen from companies.

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them. By all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises.

Customers of automaker General Motors and wedding planning company Zola have had customer accounts compromised through credential stuffing, and the criminals have used the access to redeem gift cards. Credential stuffing is a type of attack aimed at hijacking accounts.