fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Clarifies Patch Confusion For Windows Zerologon Flaw

Microsoft Clarifies Patch Confusion For Windows Zerologon Flaw

Microsoft clarified the steps customers should take to make sure that their devices are protected against ongoing attacks using Windows Server Zerologon (CVE-2020-1472) exploits.

The company revised the advisory after customers found Microsoft’s original guidance confusing and were unsure if applying the patch was enough to protect vulnerable Windows Server devices from attacks.

In a step-by-step approach, the updated advisory now explains the exact actions that administrators need to take to make sure that their environments are protected and outages are prevented in the event of an incoming attack designed to exploit servers that would otherwise be vulnerable to Zerologon exploits.

Microsoft outlined the following plan Windows admins need to follow when applying the ‘CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability’ security update issued as part of the August 2020 Patch Tuesday:

  1. UPDATE your Domain Controllers with an update released August 11, 2020 or later.
  2. FIND which devices are making vulnerable connections by monitoring event logs.
  3. ADDRESS non-compliant devices making vulnerable connections.
  4. ENABLE enforcement mode to address CVE-2020-1472 in your environment.

Also Read: Overview of the Personal Data Protection Act – SG

The Zerologon vulnerability

CVE-2020-1472 is a critical 10/10 rated security flaw was dubbed Zerologon by cybersecurity firm Secura and, when exploited, it enables attackers to elevate privileges to a domain administrator.

This makes it possible for them to take control over the domain, allowing them to change any user’s password and execute any command they want.

As the security update issued by Microsoft in August can also cause some of the affected devices to experience authentication issues, Microsoft is rolling out the Zerologon fix in two stages.

The first one was released on August 11 as a security update that will block Windows Active Directory Domain controllers from using unsecured RPC communication. 

It will also log auth requests from non-Windows devices that don’t use secure RPC channels to allow admins time to fix the devices or replace them with ones that come with support for secure RPC.

Starting February 9, 2021, as part of that month’s Patch Tuesday updates, Microsoft will then release another update that will enable enforcement mode which requires all network devices to use secure-RPC, unless specifically allowed by admins.

Ongoing Zerologon attacks

Last week, Microsoft warned admins to urgently apply security updates for Zerologon after discovering threat actors actively using CVE-2020-1472 exploits during attacks.

“We have observed attacks where public exploits have been incorporated into attacker playbooks,” Microsoft explained.

Microsoft Senior Threat Intelligence Analyst Kevin Beaumont confirmed that attacks started September 26th, with attackers successfully exploiting a vulnerable Active Directory server honeypot using a Zerologon exploit over the Internet.

“At 11:16 am UTC today (26th September 2020) somebody sent hundreds of login attempts matching the exploit chain, and then attempted to reset the domain computer password to blank (successfully, too),” Beaumont said. “This broke the domain controller for authentication.”

Yesterday, Cisco Talos security researchers also warned of  “a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, an elevation of privilege bug in Netlogon.”

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us