Security News

Enterprises Warned of New PetitPotam Attack Exposing Windows Domains
2021-07-26 11:14

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain. An unauthenticated attacker can use PetitPotam to get a targeted server to connect to their server and perform NTLM authentication.

Microsoft shares mitigations for new PetitPotam NTLM relay attack
2021-07-24 23:38

Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. PetitPotam, discovered by French security researcher Gilles Lionel, is a new method that can be used to conduct an NTLM relay attack.

New PetitPotam attack allows take over of Windows domains
2021-07-23 20:54

A new NTLM relay attack called PetitPotam has been discovered that allows threat actors to take over a domain controller, and thus an entire Windows domain. If this attack is successful, the attacker could take over the domain controller and perform any command they wish, effectively taking over the Windows domain.

Kaseya Obtains Universal Decryptor for Ransomware Attack Victims
2021-07-23 08:49

IT management software maker Kaseya on Thursday said it obtained a universal decryptor that should allow victims of the recent ransomware attack to recover their files. In early July, cybercriminals exploited vulnerabilities in a Kaseya product to deliver ransomware to MSPs who had been using that product, as well as to the customers of those MSPs. The company estimated that between 800 and 1,500 organizations received the ransomware, although some experts believe the actual number could be higher.

40% fell victim to a phishing attack in the past month
2021-07-23 05:30

Nearly three-quarters of respondents said their organizations have fallen victim to a phishing attack in the last year, with 40% confirming they have experienced one in the last month. The annualized risk of a data breach resulting from mobile phishing attacks has a median value of about $1.7M and a long-tail value of about $90M. Hackers are exploiting enterprise security gaps in the Everywhere Workplace, in which remote workers are using mobile devices more than ever before to access corporate data.

Cyber-attacks really ramp up after Halloween – so why not start preparing now?
2021-07-22 22:09

The SANS Institute will be touching down in the island city state between October 11 and 23, with a 13-strong lineup of courses. Whichever course you choose to take, you'll gain both the confidence and the technical skills to protect your organization against cyber-attacks - and go toe to toe with determined attackers if necessary.

Kaseya obtains universal decryptor key for recent REvil ransomware attacks
2021-07-22 20:42

Hit by a severe cyberattack earlier this month, IT enterprise firm Kaseya said on Thursday that it obtained a universal decryptor key for recent victims of the REvil ransomware. In an update to its ongoing post on the recent cyberattack, Kaseya confirmed receiving the decryptor key.

China-Linked APT31 Abuses Hacked Routers in Attacks, France Warns
2021-07-22 12:54

The French National Agency for the Security of Information Systems on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks. The agency has shared indicators of compromise to help organizations detect potential attacks.

CISA Details Malware Used in Attacks Targeting Pulse Secure Devices
2021-07-22 11:52

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks. CISA warned in April that threat actors had been exploiting four vulnerabilities - including one zero-day flaw tracked as CVE-2021-22893 - in Pulse Connect Secure VPN appliances offered by Pulse Secure, a company that was acquired last year by Ivanti.