The following blog post was created using an excerpt from the Stealthbits Technologies/emt Distribution presentation “Prioritizing Password Security with Troy Hunt: The Good, the Bad, and the Ineffective”. Please see here to view the complete presentation.
Let’s talk about passwords. In particular, let’s talk about where we’ve come from, where we are at the moment, and where things are going in the future.
The history lesson of passwords is enormously important because it help…
What is it?
SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli cybersecurity firm Check Point.
When a DNS server receives a query for a domain it isn’t responsible (authoritative) for, it asks a DNS server further up the hierarchy which DNS server is, and then queries that DNS server for the record. The vulnerability exists in how the Windows DNS server parses t…
With breaches and cyber-attacks continually increasing every year, a constant stream of compromised passwords finds its way to the dark web for purchase and use. This should NOT be a surprise. 80% of breaches involved stolen or misused credentials [1]. And this makes sense … why use advanced attack techniques when stealing credentials and assuming user identities is easier, less detectable, and still works?
Stealthbits leverages the “Have I Been Pwned” breach password dictionary within Stea…
Data breach. There are few times that two simple words invoke so many fearful thoughts in the mind of a C-level executive.
How did it happen?
What was taken?
What are we going to do?
Who was responsible?
There are many routes an organization may explore in terms of breach mitigation, but let us start at the beginning. This blog will cover some of the simple basics of a data breach – what it is, ways they are caused, etc. – and some simple steps that an organization can …
Million-dollar ransomware payouts, government protection, and ease of access will continue to fuel the growth of cybercrime.
Imagine coming to work and turning on the computer only to see a message that says “repairing file system on C:” or “oops, your important files are encrypted” demanding a payment in bitcoin to decrypt them.
A typical message displayed during a Ransomware attack
When you read the headlines of six-figure ransomware payouts, you might begin to wonder how hacker g…
Eternally Affected
What is SMB?
Server Message Block (SMB) is a protocol used primarily for sharing files, printer services, and communication between computers on a network. The history of SMB is long, so I’ll try to keep this short and to the point.
SMBv1
Back in the 1980s and 1990s IBM and Microsoft were working on implementations of SMB to improve and build upon the protocol. Microsoft actually pushed to rename SMB to Common Internet File System (CIFS) and added a bunch of…
Kerberos Delegation and Usage
Kerberos delegation has been around for a long time (Windows Server 2000 to be exact), but more often than not, when speaking to engineers who manage or work with Active Directory, they’re not familiar with all the various implementations of Kerberos delegation, their uses, and some ways they can be abused. What I find funny is that most people confuse Kerberos delegation with delegated permissions.
The practical usage of Kerberos delegation is to enable a…
It’s that time of the year again! As we roll into 2020 we’re proud to present our 4th edition of “STEALTHbits’ Experts Cybersecurity Predictions.”
We asked eight of our top industry voices here at STEALTHbits their thoughts on what’s to come in the world of cybersecurity in the next 365 days! Read on and come back at the start of 2021 to see how we did.
Ransomware Will Continue To Wreak Havoc Using the Same Old Tricks
Ransomware attacks will continue to impact organizations causing s…
Phishing scams are a very common technique used by identity thieves to trick you into giving them your sensitive personal or financial information. Thieves will often impersonate actual companies like credit card companies, banks or online resources such as PayPal or Dropbox. It is a challenge to recognize what is real and what isn’t but there are a few things you can do to make yourself/your organization less susceptible to this type of scam.
Traditional Approach
Before we discuss a no…
In my last blog post, we took a look at the Vulnerability Assessment within the Advanced Data Security (ADS) offering for Azure SQL. In my final blog post of the series, we will take a deep dive into the Advanced Threat Protection features.
Advanced Threat Protection for Azure SQL Databases provides administrators with immediate visibility into potential threats such as suspicious database activities, potential vulnerabilities, SQL injection attacks…