Kerberos Authentication with Veeam v12

In Veeam Backup & Replication v11, NTLM authentication is still mandatory for communication between all Veeam backup infrastructure servers (backup server, backup proxies, backup repositories, guest interaction proxies, log shipping servers, and mount servers). NTLM has been subject to several known security vulnerabilities related to password hashing and salting. Kerberos-only authentication will be supported starting with Veeam Backup & Replication version 12. Veeam B&R v12 will also allow the use of gMSA accounts for application-aware processing. These two new features should help you achieve better security for all service accounts.


Critical Fortigate VPN SSL Vulnerability – CVE-2022-42475

Updated on Tuesday, 13 December: affected versions.

Critical SSL VPN vulnerability (FortiOS): Fortinet has just announced a critical vulnerability affecting all versions. It can be easily exploited remotely to compromise the firewall, and remote code execution is considered likely in common situations. By manipulating the dynamic resources of certain processes, an attacker aims to divert their normal operation. The impact is the execution of arbitrary or unauthorized code or commands.


Hackers love it when you post pictures of your work environment

Hackers love it when you post pictures of your work environment! We are all proud of what we do and proud of the great companies we work for. But by posting pictures of your work environment on LinkedIn or your career blog, you are unintentionally disclosing information about your technical setup. This is not a critical vulnerability by itself, but it can be used by adversaries to prepare further attacks or to build a well-designed pretext for social engineering.


The core function of a SOC

The core function of a SOC (Security Operations Center) is to monitor, investigate, prevent, and respond to threats. SOC teams benefit from using a single platform that integrates otherwise disparate technologies into a full-picture view, continually updated with emerging threat intelligence. This unified perspective simplifies security monitoring, supports incident response workflows, and provides all the core functionality required for building a SOC. Here’s a blog post about the main functions.


Play ransomware infection routine

A ransomware gang named “Play” has surfaced on the Dark Web, together with a list of 22 victims. There is evidence pointing to a possible connection between Play ransomware and Quantum ransomware, itself an offshoot of the notorious Conti ransomware group. The Cobalt Strike beacons used in Play’s attacks carry the same watermark, 206546002, as those previously dropped by the Emotet and SVCReady botnets, which have also been observed in Quantum ransomware attacks. This suggests that the two ransomware groups share some of the same infrastructure. Play ransomware specifically targets backup solutions to ensure that the victim has no other option for recovering the data. The Play group is particularly methodical in developing and implementing backup removal techniques. Here’s a blog post on the infection routine and the method used to attack backup environments.
