July 19, 2022
David Redekop

Welcome to this week in NerdNews (TWINN) #81 Your weekly top 5 technical and security issues Nerds should pay attention to: Active Directory as Crown Jewel

This Week In Nerd News 81

This Week In Nerd News 81

YouTube video

Active Directory is literally the crown jewel of any organization’s technology. It is a building block on which everything else relies. If AD is compromised, that battle has been lost in favour of the attacker. The only question at that point is how much damage can or will be done; whether the attacker chooses it as a conduit to further compromise or stop and demand a ransom in exchange of getting the crown jewel back from its encrypted state.

We’ve been addressing this for some time in our industry and the fundamentals still apply, namely network segmentation to make lateral movements more challenging, setting endpoints to use a relay DNS, and zero trust connectivity so that only verified assets even have network access to AD, and finally, making it impossible for an AD controller to have any malware persistence. This is very practical now, and by itself will stop currently-known threat models dead in their tracks.

However, now there’s a new threat we need to worry about: bugs in software that have AD access:

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise.

Netwrix IT asset tracker and compliance auditor, used across more than 11,500 organizations, contains a critical Insecure Object Deserialization vulnerability that could lead to Active Directory sdomain compromise.

IT asset tracker and auditor software has a critical issue with insecure object deserialization that could allow threat actors to execute code, researchers say.

Read More: Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

BlackCat ransomware could be about to get a whole lot nastier.

New tools added to BlackCat arsenal called Brute Ratel, possibly more powerful than Cobalt Strike, an attack/simulation tool often used in actual attacks. Watch out for outdated industrial control systems, as they are the target!

Following a spate of recent attacks, the notorious BlackCat ransomware could be about to get a whole lot nastier, new research has claimed.

Read More: BlackCat ransomware could be about to get a whole lot nastier

Password recovery tool infects industrial systems with Sality malware.

Every seasoned IT specialist has come across a need to recover or reset a password to previously-configured industrial equipment that wasn’t documented. Beware of your password recovery tool usage!

A threat actor is infecting industrial control systems (ICS) to create a botnet through password “cracking” software for programmable logic controllers (PLCs).

Read More: Password recovery tool infects industrial systems with Sality malware

CISA adds Windows bug to exploited list, urges agencies to patch by August 2.

Microsoft has detected exploitation of CVE-2022-22047 so this is important not just for government offices, but for businesses everywhere.

The Cybersecurity and Infrastructure Security Agency ordered all federal civilian agencies to patch a Windows vulnerability by August 2 after Microsoft said it had detected exploitation of the bug.

Read More: CISA adds Windows bug to exploited list, urges agencies to patch by August 2

Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement.

The good news is that the ongoing investigation was triggered by Apple noticing the exploit first. This is just another reminder this week, that patching isn’t fast enough. Other protection mechanisms are essential.

The Kingdom of Thailand is a constitutional monarchy with a parliamentary-style government divided into executive, legislative, and judiciary branches. The country has been beset by intense political conflict since 2005, during the government of former Prime Minister Thaksin Shinawatra. Corruption allegations against the regime culminated in a military coup on September 19, 2006 that ousted Thaksin. The military launched another coup on May 22, 2014 and seized power following mass protests against the civilian government led by Thaksin’s sister, Yingluck Shinawatra. The junta claimed that the 2014 coup was needed to restore order and called itself the National Council for Peace and Order (NCPO).

Read More: Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement

Did you know?

SwiftBar is a dream come true to integrate a script in just about any language into your macOS menu!

Need an IT professional? Request service today.