Security News

Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools.

The maintainers of the NGINX web server project have issued mitigations to address security weaknesses in its Lightweight Directory Access Protocol Reference Implementation."NGINX Open Source and NGINX Plus are not themselves affected, and no corrective action is necessary if you do not use the reference implementation," Liam Crilly and Timo Stark of F5 Networks said in an advisory published Monday.

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began circulating online. Thanks to many security researchers, the situation is a bit clearer today and there's no need to panic just yet: Unlike Log4Shell, this new flaw - with no official CVE and currently nicknamed Spring4Shell - seems to only be exploitable in certain configurations.

As much as threat mitigation is to a degree a specialist task involving cybersecurity experts, the day to day of threat mitigation often still comes down to systems administrators. In this article, we outline the difficulties implied by enterprise threat mitigation, and explain why automated, purpose-built mitigation tools are the way forward.

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.

A CBI and Ponemon Institute research report, based on a survey of IT and security professionals, takes a comprehensive look at companies' ransomware strategies and mitigation tactics and the operational impact of incidents. Eighty percent of companies surveyed have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation resources.

The global DDoS protection and mitigation market size is expected to grow from $3.3 billion in 2021 to $6.7 billion by 2026, at a Compound Annual Growth Rate of 15.1% from 2021 to 2026, according to ResearchAndMarkets. The major factors fueling the DDoS protection and mitigation market include growing demand for sophisticated security solutions, evolving regulatory landscape, and growing volumes of business data across industries.

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell vulnerability is nowhere near finished. The recent discovery of a second Log4j vulnerability has shown that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

"The JNDI lookup feature of log4j allows variables to be retrieved via JNDI - Java Naming and Directory Interface. This is an API that that provides naming and directory functionality to Java applications. While there are many possibilities, the log4j one supports LDAP and RMI. In other words, when a new log entry is being created, and log4j encounters a JNDI reference, it will actually literally go to the supplied resource and fetch whatever it needs to fetch in order to resolve the required variable. And in this process, it might even download remote classes and execute them!".Don't underestimate the attack surface of the Remote code injection in Log4j.

Zurich North America and Advisen have released a survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk management. The survey results indicate that risk professionals are increasingly aware of their intensifying cyber risks and the need to manage them using risk mitigation and risk transfer.