Latest News

Trustwave Action Response: Zero Day Vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019

Trustwave security teams are aware of two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) impacting Microsoft Exchange Server 2013, 2016, and 2019 and organizations with Outlook Web Access facing the Internet. If exploited, the vulnerabilities can allow an attacker to elevate privileges and gain remote code execution capability. We immediately investigated the vulnerabilities and potential exploits and continue to monitor the situation.

Foundational Activities for Secure Software Development

The Broadway Tower in Worcestershire, England is a famous structure. It’s inspiring, beautiful, and at 62 feet high, like other similar buildings, it’s a folly. While it looks grand inside and out, it serves no purpose other than to be a decoration. It’s all too easy to buy a set of policies and procedures, change the company name and some other details, then present it as an application development and security program.

UK Construction: Cybersecurity Experts Defend Joint Ventures

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average damage resulting from breaches is £176,000.

Cybercriminals targeted users of packages with a total of 1.5 billion weekly downloads on npm

Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign. On October 02, 2022 at 12:12 UTC, a new npm account was registered, and a package called nuiversalify was immediately uploaded. The same threat actor then proceeded to publish more typo/spellcheck squattings of popular packages until 14:03:29 UTC, with small but irregular time gaps between uploads.

Stealing User Passwords with Mimikatz DCSync

Mimikatz provides a variety of ways to , but one of the most alarming is the DCSync command. Using this command, an adversary can simulate the behavior of a domain controller and ask other domain controllers to replicate information — including user password data. In fact, attackers can get any account’s NTLM password hash or even its plaintext password, including the password of the KRBTGT account, which enables them to create Golden Tickets.

Using Active Directory's AdminCount Attribute to Find Privileged Accounts

Active Directory accounts with elevated privileges pose a serious security risk: They are a top target for attackers because they provide administrative access to systems and data, and they can also be misused by their owners, either deliberately or accidentally. Therefore, it’s critical for IT teams to keep close track of accounts with elevated permissions.

How analyzing employee behavior can improve your cybersecurity posture

Despite the ongoing rise in social engineering attacks, the idea that cybersecurity is only about technology manifests within most of our minds. Organizations often neglect human behavior's impact on their cybersecurity postures. Instead, they spend lavishly on endpoint security tools, threat hunting programs, and building incident response plans. Admittedly, these security measures are a crucial part of mitigating attacks.

How to protect an account that has been hijacked before you register it

Account takeover fraud is not new but it is growing fast. By 2018, account takeover fraud accounted for losses of around $4 billion. In 2021, this figure increased by more than 200%, and as of today, it is estimated to exceed $12 billion. A recent paper published by Microsoft has revealed a new and disturbing way of compromising accounts where hackers hijack accounts before users register them. For instance, they create an account in Zoom or Dropbox using the user's credentials.