fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Defender For Identity To Detect Windows Bronze Bit Attacks

Microsoft Defender For Identity To Detect Windows Bronze Bit Attacks

Microsoft is working on adding support for Bronze Bit attacks detection to Microsoft Defender for Identity to make it easier for Security Operations teams to detect attempts to abuse a Windows Kerberos security bypass bug tracked as CVE-2020-17049.

Microsoft Defender for Identity (previously Azure Advanced Threat Protection or Azure ATP) is a cloud-based security solution that leverages on-premises Active Directory signals.

It enables SecOps teams to detect and investigate compromised advanced threats, identities, and malicious insider activity targeting enrolled organizations.

Also Read: National Cybersecurity Awareness Campaign of Singapore: Better Cyber Safe than Sorry

Landing in two months

“An alert will be triggered when there is evidence of suspicious Kerberos delegation attempts using the BronzeBit method, where a user has attempted to use a ticket to delegate access to a particular resource,” Microsoft explains on the Microsoft 365 roadmap.

The flaw (patched by Microsoft during November 2020’s Patch Tuesday) can be exploited in what Jake Karnes, the security consultant who discovered, has named Kerberos Bronze Bit attacks.

Microsoft addressed the Bronze Bit vulnerability in a two-phase staged rollout, with the initial deployment phase on December 8 and an automatic enforcement phase on February 9.

One month after Microsoft issued the CVE-2020-17049 patches, Karnes published a proof-of-concept (PoC) exploit code and full details on how it could be used.

The exploit can bypass Kerberos delegation protection, allowing attackers to escalate privileges, impersonate targeted users, and move laterally within compromised environments.

He has shared a low-level overview with additional info on the Kerberos protocol, including practical exploit scenarios and details on implementing and using Kerberos Bronze Bit attacks against vulnerable servers.

The release of all these additional details and the PoC exploit would probably make it a lot easier to breach Windows servers unpatched against CVE-2020-17049 and was what likely prompted Redmond to add Bronze Bit detection support to Microsoft Defender for Identity.

PrintNightmare and Zerologon attack detection also available

In July, Microsoft also added support for PrintNightmare exploitation detection to Microsoft Defender for Identity after including Zerologon exploitation detection in November 2020.

Both are critical security vulnerabilities, with PrintNightmare (CVE-2021-34527) allowing attackers to take over affected servers by elevating privileges to Domain Administrator while Zerologon (CVE-2020-1472) can be exploited to elevate privileges to spoof a domain controller account that leads to complete control of the entire domain.

Also Read: Revised Technology Risk Management Guidelines of Singapore

Multiple threat actors, including ransomware gangs like Vice SocietyConti, and Magniber, already use PrintNightmare exploits to compromise unpatched Windows servers.

Both state-backed and financially motivated threat actors are also exploiting systems unpatched against the ZeroLogon vulnerability since the end of October and in September, with more having joined since then, including:

Also in July, Microsoft rolled out another Defender for Identity update that enables security operations (SecOps) teams to block attack attempts by locking compromised users’ Active Directory accounts.

Defender for Identity is bundled with Microsoft 365 E5 but, if you don’t have a subscription already, you can also get a Security E5 trial to give these features a spin.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us