Tag Archive for: Mitigation

Microsoft’s third mitigation update for Exchange Server zero-day exploit bypassed within hours


Microsoft has published the third update to its mitigation for an exploit chain abusing two zero-day vulnerabilities in Microsoft Exchange Server.

It marks the latest step towards providing a fix for the exploit, dubbed ‘ProxyNotShell’, in what has been a confusing week for system admins attempting to understand the threat.

Security researcher Kevin Beaumont highlighted on Friday that there is already a bypass for the Microsoft-provided mitigation. Every one of the company’s attempts so far to stop the exploit from reaching customers has been circumvented within hours of publication.

The issue lies in how Microsoft’s signatures detect the exploit. The signatures monitor w3wp.exe, the Internet Information Services (IIS) worker process, but on Windows Server 2016 and later w3wp.exe is automatically excluded from Microsoft Defender scanning once the IIS role is installed, so the signatures never see the process they are meant to watch.

“The only way to correct this is to turn off automatic exclusions,” he said, but Microsoft’s own documentation explicitly states not to do this.

The original vulnerability disclosure for the ProxyNotShell exploit was atypical, and the information on potential fixes has been fragmented and confusing for many to follow.

Discovered last week by security researchers at Vietnam-based company GTSC, the pair of zero-days has received a series of attempted fixes, the first of which was bypassed “easily”.

GTSC said in its report that it had observed in-the-wild exploitation of both vulnerabilities for at least a month before publishing its findings.

The security issues are related to, but distinct from, the ProxyShell exploit chain disclosed in 2021, and the patch Microsoft issued for ProxyShell that year does not protect against them.

Tracked as CVE-2022-41040 (a server-side request forgery) and CVE-2022-41082 (remote code execution when PowerShell is reachable by the attacker), they each received a CVSSv3 severity score of 8.8/10. Microsoft Exchange Server 2013, 2016, and 2019 are affected.

Exploitation requires an authenticated user account, but initial tests indicated that any email user’s account, regardless of its privilege level, could be used to launch an attack.

Microsoft Exchange Server customers are advised to monitor the official mitigation page and apply new ones as they become…

Source…

All-New Security Program and Hacking Mitigation Plans to Fight Impersonators


Press release content from MarketersMEDIA. The AP news staff was not involved in its creation.

Las Vegas, NV, United States – July 23, 2022 —

The American Sweepstakes Network has administered and implemented contests, game promotions, and sweepstakes for the U.S.A.’s biggest marketers for over 30 years. The team’s experience is simply uncopiable — although, some have tried. With the rise of fraudsters attempting to impersonate companies and scam customers, the company has tightened its cybersecurity belts and implemented brand-new hacking mitigation plans to keep clients safe.

From enhancing the verification system to staying on top of PCI regulations, The American Sweepstakes Network is more secure than ever before.

Fraud Prevention and Instant Code Verification

Sweepstakes fraud isn’t new, but as the world becomes ever more digital, it’s common to see an alarming increase in dishonorable companies.

Requests for payment by Greendot Cards or MoneyGram are red flags that should always be refused, and The American Sweepstakes Network has made it its core mission to ensure customers report any such transaction request to the US Fraud Report database ww.usfraudreport.com and/or directly to the company’s legal department.

Additionally, the team has included an instant code verification system to further enhance its ongoing cybersecurity efforts. If you’ve received a claim code that allegedly identifies you as a prize winner, simply input the number and hit “Verify.” 

The Company-Wide Hacking Mitigation Plan

Company impersonators and computer hacking go hand-in-hand. While many have fallen prey to several cyberattacks, the team is committed to enhancing security and protection and thus offering a new lease of life. 

By employing an effective hacking mitigation plan, users can rest easy knowing their sensitive information is safe.

The American Sweepstakes Network began by conducting a risk assessment, acknowledging the vulnerabilities that allowed unauthorized individuals into the system.

Identification led to fixing the common vulnerabilities before trying to tackle the more complex problems through…

Source…

Aryaka Partners With Carnegie Mellon’s CyLab To Research Threat Mitigation


  • Aryaka announced it formed a strategic partnership with CyLab, Carnegie Mellon University’s (CMU’s) Security and Privacy Institute. These are the details.

Aryaka, a leader in fully managed SD-WAN and SASE solutions, today announced it has formed a strategic partnership with CyLab – which is Carnegie Mellon University’s (CMU’s) Security and Privacy Institute – to research new threat mitigation techniques and innovate solutions for enterprise networking and security.

Launched in 2003, CyLab is Carnegie Mellon University’s public/private collaborative computer security and privacy research institute. With over 100 core and affiliated faculty and 100 graduate students, it is one of the largest cybersecurity research centers in the United States. Aryaka’s partnership with CyLab will provide funding and industry expertise to support research into, and innovation of, sophisticated security techniques that address today’s most pressing threats.

Aryaka is also sponsoring CyLab’s Future Enterprise Security (FutureEnterprise@CyLab) initiative, a multi-disciplinary approach to making complex security solutions available to all. The sponsorship will connect Aryaka with students, academics, and other key industry partners to make security more accessible and understandable to end users.

As a founding sponsor of this initiative, Aryaka will provide support at multiple levels in the program. This ranges from guiding research topics based on the newest challenges and threats Aryaka’s customers are encountering, to providing industry expertise, data sets for training and building AI models, and feedback on the efficacy of various techniques, as well as practical experience for students via mentorship and internships.

KEY QUOTES:

“Aryaka shares the future of enterprise security vision of CyLab. Together we will develop and innovate security techniques to defend against emerging and immediate risks and democratize it via open source to small and large enterprises. With acute skills shortage in cybersecurity, most enterprises are faced with tremendous pressure and risk—when strong tools are available to everyone, we’re all more…

Source…

Privacy vs. Security: Is Your Bot Mitigation Solution Effective in the Wake of Web Privacy Trends?


Bad Bots Disguise as Humans to Bypass Detection

Bot mitigation providers place significant emphasis on stopping bots with the highest degree of accuracy. After all, it only takes a small number of bad bots getting through your defenses to wreak havoc on your online business. One challenge of stopping bad bots is keeping false positives (a human incorrectly classified as a bot) to a minimum.

The more aggressively rules are tuned within a bot mitigation solution, the more susceptible it becomes to false positives, because it must still decide whether to allow requests whose risk score is indeterminate. As a result, real users are inadvertently blocked from websites or served CAPTCHAs to validate that they are indeed human. This inevitably creates a poor user experience and lowers online conversions.

Much of the ongoing innovation in modern bot mitigation solutions has been a reaction to the increasing sophistication of the adversary. Because bad bots increasingly look and act like humans in an attempt to evade detection, it is harder to rely on rules, behaviors, and risk scores for decisioning, and false positives become more pronounced.

Humans Now Disguising Themselves for Privacy

A more recent trend is exacerbating false positives, and without proper innovation it renders legacy bot mitigation solutions that depend on rules and risk scores inadequate. It stems from the accelerating move by humans towards more privacy on the Internet. Ironically, that move towards more privacy on the web can actually compromise security by making it even more difficult to distinguish between humans and bots. 

To understand why, it’s essential to know how the majority of bot detection techniques work. They rely heavily on device fingerprinting to analyze device attributes and bad behavior. Device fingerprinting is performed client-side and collects information such as IP address, user agent header, advanced device attributes (e.g. hardware imperfections), and cookie identifiers. Over the years, the information collected from the device fingerprint has become a major determinant for the analytics engines used to decide whether the request is bot…

Source…