Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

During a recent engagement, Trustwave SpiderLabs discovered an Indirect Object Reference (IDOR) vulnerability within Squiz Matrix CMS which would allow any low privileged user to change the contact details of any other user on a Squiz Matrix instance (including administrators). An attacker exploiting the vulnerability could change an administrator’s email address to an attacker-controlled email address after which the attacker could reset the administrator’s password.

“If a tree falls in a forest and no one is around to hear it, does it make a sound?” If an unmanaged device is infected with ransomware, will the security operations team receive an alert? Consider a contractor or employee who uses their personal laptop for work. If that device becomes infected with ransomware, not only does it pose a risk to the organization’s data and a risk to other devices within the organization, but the device is not centrally managed.

Another month rolls off the calendar with lots of exciting things happening at LimaCharlie. The team was on the ground at Blue Team Con which was a great experience. The most exciting thing this month would have to be the addition of Matt Bromerly to the team. Matt is joining LimaCharlie as a Lead Solutions Engineer/Developer Relations. He has deep experience and a passion for working with organizations to solve their cybersecurity challenges.

Containerization with Docker has become a major trend in web application development that many.NET developers have adopted. There are many compelling advantages for developers and DevOps engineers to containerize.NET applications, even when working with the older.NET Framework 4.x versions. However, if we don’t know how to use containers properly, we’ll experience little benefit from them.

This month, we’re excited to announce new user experience improvements for search, session management, and mobile, in addition to major improvements to our Migration App. Continue reading to learn about some of the notable capabilities added to the platform in August.

I’m thrilled to share that today marks a defining moment in Rubrik’s mission to secure the world’s data with several major milestones including: I’m proud of the Rubrik team and their relentless focus on product innovation, but we couldn’t have done this without amazing customers and partners who believe in our mission and continue to trust us with their businesses and their data.

Cyberthreats are one of the most significant challenges facing society today. From illegal political influence to personal data theft, cyberattacks are already posing a huge problem for governments, businesses, and individuals. And as attacks become more sophisticated, it’s getting harder to protect ourselves online. So, what can we expect from the future of cybersecurity? Is it possible to keep up with the speed and complexity of these advancing attacks?

Impacket’s wmiexec.py (“wmiexec”) is a popular tool used by red teams and threat actors alike. The CrowdStrike Services team commonly sees threat actors leveraging wmiexec to move laterally and execute commands on remote systems as wmiexec leverages Windows native protocols to more easily blend in with benign activity.

Today, many organizations have a security awareness program of some kind. Whether it’s annual compliance training or the orientation video warning new employees about phishing, it’s almost a standard now among industries. However, security awareness programs vary in frequency, details, and execution. And it’s that variability which, unfortunately, can become a vulnerability. Employees and users are the first line of defense against a cyberattack.

In the introductory post of this series, we reviewed what an Active Directory (AD) service account is, explained why these privileged accounts are a serious security risk, and promised to detail 4 types of attacks on service accounts in future posts. This post explores the first of those attacks: LDAP reconnaissance, which attackers can use to discover service accounts in an IT environment while avoiding detection.