by Scott Muniz | Aug 19, 2021 | Security
This article was originally posted by the FTC. See the original article here.
Scammers are impersonating FTC Chair Lina Khan in a new phishing scheme. The email says the FTC wants to send you Coronavirus relief funds and tells you to send some personal information, like your name, address, and date of birth. The FTC is not distributing Coronavirus economic stimulus or relief money to people. The email is a scam. Don’t reply.
If you get an unexpected email that asks you to reply – or call or click a link – to give somebody personal or financial information, don’t. It’s probably a phishing scam trying to steal your money.
Report the phishing email to the Federal Trade Commission at ReportFraud.ftc.gov and forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. (If scammers contact you by text message or phone, report that, too.)

Scammers lie and make up fake stories to rip people off. Learn how to recognize and avoid other phishing scams.
by Scott Muniz | Aug 19, 2021 | Security, Technology
This article is contributed. See the original author and article here.
The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of the ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
CISA encourages users and administrators to review ISC advisory CVE-2021-25218 and apply the necessary updates or workarounds.
by Scott Muniz | Aug 19, 2021 | Security, Technology
This article is contributed. See the original author and article here.
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA encourages users and administrators to review the following Cisco advisories and apply the necessary updates:
by Jenna Restuccia | Aug 18, 2021 | American Sign Language
A common misconception about Sign Language is that all deaf & hard-of-hearing individuals and learners use only one universal version of Sign Language. But did you know that there are over 200 different Sign Languages?
Sign Language generally does not correspond to the spoken language within that country. To illustrate: the US and Britain both speak English as their primary language. If you look at the Sign Languages of the two countries, they have nothing in common. If you know American Sign Language (ASL), you are not likely to understand even one sign of British Sign Language (BSL), including their alphabet… Yet the spoken languages are the same! In fact, in terms of syntax, ASL is more closely related to Japanese than English. There is little connection between the development of Sign Language and the spoken language that surrounds it.
All languages at times borrow elements from other languages. For example, in English we use “noodle,” influenced by German, or “breeze,” influenced by Spanish. Sign Languages have similarly borrowed from spoken language. An example of this is using an alphabet to spell out our names. Though there is a natural influence of spoken language within Sign Languages, this does not define or make up the entire language. Just as English is not German, American Sign Language is not English.
Many say that hearing people “invented” Sign Language for those who needed it. This idea is far from the truth. Sign Language came about by those who use and need the language, the Deaf. They very well could have had little or no knowledge of the spoken language in their area. As a result, we have visual language not confined by the rules or structure of spoken language.
What can we learn?
We cannot expect those who use ASL, such as the deaf, to know our spoken language, English, whether in written form or by lipreading. We must treat Sign Languages as what they are: foreign languages. Their users are a minority language group, not a disability group.
by Contributed | Aug 18, 2021 | Technology
This article is contributed. See the original author and article here.
If you didn’t grow up in the ’90s in France like yours truly, you probably wouldn’t be familiar with the animated kids show named Petit Potam, which was based on the books of the same name by Christine Chagnoux.
While I could talk about the TV series for days, the reason Petit Potam has been in the news lately is a recently published vulnerability of the same name, which can potentially be used in an attack on Windows domain controllers. PetitPotam is a tool that can exploit the Encrypting File System Remote (EFSRPC) Protocol.
Exploiting the MS-EFSRPC
The EFSRPC protocol that PetitPotam exploits is typically used to maintain and manage encrypted data that is stored remotely and accessed over a network. It’s mainly used to manage Windows files that reside on remote file servers and are encrypted using the Encrypting File System (EFS).

Figure 1. Message sequence for opening a file using EFS
Using the PetitPotam vector, an adversary can manipulate MS-EFSRPC API functions without authentication using the OpenEncryptedFileRaw calls. This allows the adversary to force a domain controller to authenticate to an NTLM relay server under the attacker’s control.
NTLM Relay attack
In an NTLM relay attack, the malicious actor positions themselves between the client and the server, usually intercepts the authentication traffic, and then attempts to impersonate the client in order to access services on the network.
To prevent NTLM relay attacks on networks with NTLM enabled, domain administrators must ensure that services that permit NTLM authentication utilize protections such as Extended Protection for Authentication (EPA), or signing features, like SMB signing.
PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM relay attacks.
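As an added example (not code from the original post or from Microsoft), the following audit reads an IIS configuration and reports every location that accepts Windows authentication without Extended Protection set to Require or without mandatory TLS. The sample configuration is constructed, and the `CertSrv-hardened` location path is a hypothetical name used to show the corrected settings beside the weak ones.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of IIS applicationHost.config (not from a real server).
# The second location path is hypothetical and shows the corrected settings.
_LOCATION = """<location path="{path}"><system.webServer><security>
  <access sslFlags="{ssl}" />
  <authentication><windowsAuthentication enabled="true">
    <extendedProtection tokenChecking="{epa}" />
  </windowsAuthentication></authentication>
</security></system.webServer></location>"""
SAMPLE_CONFIG = (
    "<configuration>"
    + _LOCATION.format(path="Default Web Site/CertSrv", ssl="None", epa="None")
    + _LOCATION.format(path="Default Web Site/CertSrv-hardened", ssl="Ssl", epa="Require")
    + "</configuration>"
)

def audit_relay_protection(config_xml):
    """Map each location that enables Windows authentication to its findings."""
    report = {}
    for loc in ET.fromstring(config_xml).iter("location"):
        security = loc.find("system.webServer/security")
        if security is None:
            continue
        auth = security.find("authentication/windowsAuthentication")
        if auth is None or auth.get("enabled", "false").lower() != "true":
            continue  # Windows authentication is off for this location
        issues = []
        epa = auth.find("extendedProtection")
        token = epa.get("tokenChecking", "None") if epa is not None else "None"
        if token != "Require":
            issues.append(f"EPA tokenChecking={token}, expected Require")
        # EPA binds the authentication to the TLS channel, so TLS must be mandatory.
        access = security.find("access")
        flags = access.get("sslFlags", "None") if access is not None else "None"
        if "Ssl" not in [f.strip() for f in flags.split(",")]:
            issues.append("sslFlags does not require TLS")
        report[loc.get("path")] = issues
    return report

if __name__ == "__main__":
    for path, issues in audit_relay_protection(SAMPLE_CONFIG).items():
        print(path, "->", issues or "protected")
```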
Microsoft Defender for Identity detection
Starting with version 2.158, Microsoft Defender for Identity triggers a security alert whenever an attacker tries to exploit EFS-RPC against the domain controller, which is the preliminary step of the PetitPotam attack.

Figure 2. Suspicious Network Connection over EFS-RPC alert information
The alert provides visibility into network activity over the protocol and when an attacker is trying to force the domain controller to authenticate against a remote device. The alert will contain the following information:
- Source context – which can be the user and/or the device originating the request
- The target domain controller
- The remote device – including the file the attacker was trying to read
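The sketch below is an added example, not Defender for Identity's detection logic. It shows how the three alert fields listed above can be derived from EFS-RPC network records. The record field names, host names and allow-lists are assumptions, and the sample events are constructed.

```python
import re

# Assumption: the domain controllers being monitored.
DOMAIN_CONTROLLERS = {"dc01.corp.example", "dc02.corp.example"}
# Assumption: file servers that legitimately hold EFS-encrypted files.
KNOWN_FILE_SERVERS = {"fs01.corp.example"}

# Constructed records; the field names are hypothetical, not a product schema.
SAMPLE_EVENTS = [
    {"src": "ws17.corp.example", "user": None, "dst": "dc01.corp.example",
     "rpc": "EFSRPC", "path": r"\\192.0.2.45\share\file.txt"},
    {"src": "ws03.corp.example", "user": "alice", "dst": "dc02.corp.example",
     "rpc": "EFSRPC", "path": r"\\fs01.corp.example\hr\plan.docx"},
    {"src": "ws03.corp.example", "user": "alice", "dst": "fs01.corp.example",
     "rpc": "EFSRPC", "path": r"\\fs01.corp.example\finance\q2.xlsx"},
    {"src": "ws09.corp.example", "user": "bob", "dst": "dc01.corp.example",
     "rpc": "SAMR", "path": None},
]

UNC = re.compile(r"^\\\\([^\\]+)\\(.+)$")  # \\host\rest-of-path

def suspicious_efsrpc(events):
    """Flag EFS-RPC requests that point a domain controller at an unknown remote host."""
    alerts = []
    for ev in events:
        target = ev["dst"].lower()
        if ev["rpc"] != "EFSRPC" or target not in DOMAIN_CONTROLLERS:
            continue
        match = UNC.match(ev["path"] or "")
        if not match:
            continue  # local path: the DC is not asked to contact another device
        remote = match.group(1).lower()
        if remote == target or remote in KNOWN_FILE_SERVERS:
            continue
        alerts.append({
            "source": ev["user"] or ev["src"],  # user and/or originating device
            "target_dc": target,
            "remote_device": remote,
            "file": match.group(2),
        })
    return alerts

if __name__ == "__main__":
    for alert in suspicious_efsrpc(SAMPLE_EVENTS):
        print(alert)
```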
How to protect your organization further
On August 10, 2021, Microsoft published CVE-2021-36942, named Windows LSA Spoofing Vulnerability, which addresses this vulnerability. We highly recommend prioritizing the update for this CVE on your domain controllers.
To learn more about the CVE, see the details in the MSRC portal with the following link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942
What next?
If you haven’t already got access to Defender for Identity, you can start a trial using this link.
We’re always adding new capabilities to Defender for Identity and we’ll make announcements about great new features here in this blog, so check back regularly to see what the latest updates bring to your security teams.
We’re always keen on hearing your feedback, so please let us know in the comments section below if you have anything to share with us about this detection.