Security News

UC San Diego Health discloses data breach after phishing attack
2021-07-27 20:06

UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees' email accounts. UC San Diego Health is one of the nation's best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. News & World Report survey.

Microsoft warns of credential-stealing NTLM relay attacks against Windows domain controllers
2021-07-27 14:09

To ward off the attack known as PetitPotam, Microsoft advises you to disable NTLM authentication on your Windows domain controller. Microsoft is sounding an alert about a threat against Windows domain controllers that would allow attackers to capture NTLM credentials and certificates.

Kaseya Denies Paying Cybercriminals Who Launched Ransomware Attack
2021-07-27 12:32

IT management software firm Kaseya on Monday said it did not pay any money to cybercriminals, following speculation that it may have paid a ransom to obtain a decryptor that would allow customers hit by the recent ransomware attack to recover their files. "Recent reports have suggested that our continued silence on whether Kaseya paid the ransom may encourage additional ransomware attacks, but nothing could be further from our goal," Kaseya said in a statement.

Vulnerability in Popular Survey Tool Exploited in Possible Chinese Attacks on U.S.
2021-07-27 12:09

A recently disclosed vulnerability affecting a popular survey creation tool has been exploited against organizations in the United States by a threat group that may be linked to China. Sygnia does not mention China in its report, but the company said it found some links to attacks that were previously attributed to the Chinese government.

S.Africa's Port Terminals Still Disrupted Days After Cyber-Attack
2021-07-27 11:32

South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals. The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said.

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack
2021-07-27 00:53

The bug, CVE-2021-30807, was found in the iGiant's IOMobileFrameBuffer code, a kernel extension for managing the screen frame buffer that could be abused to run malicious code on the affected device. Apple did not say who might be involved in the exploitation of this bug.

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains
2021-07-26 22:19

A newly uncovered security flaw in the Windows operating system can be exploited to coerce remote Windows servers, including Domain Controllers, to authenticate with a malicious destination, thereby allowing an adversary to stage an NTLM relay attack and completely take over a Windows domain. Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor's control using the MS-EFSRPC interface and share its authentication information.

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
2021-07-26 19:33

Microsoft was quick to respond with a fix to an attack dubbed "PetitPotam" that could force remote Windows systems to reveal password hashes that could then be easily cracked. The PetitPotam PoC is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system.

Windows “PetitPotam” network attack – how to protect against it
2021-07-26 18:10

The hack, which its discoverer has dubbed PetitPotam, involves what's known as an NTLM relay attack, which is a form of manipulator-in-the-middle attack against Microsoft's NTLM authentication system. Microsoft has been advising everyone to avoid NTLM, short for NT LAN Manager, for more than a decade, because it doesn't meet modern cryptographic security standards.

The True Impact of Ransomware Attacks
2021-07-26 13:00

Keeper's research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations. One of the most damaging myths about ransomware attacks is, "If your company does regular system backups, you don't have to worry. Just restore from the backup." While system backups are crucial - power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as a cyberattack - they're not a silver bullet.