Top Threats

  • 1.  Cloud Events/Breaches

    CSA Instructor
    Posted Sep 23, 2021 07:45:00 AM
    • Autodiscover, a protocol used by Microsoft Exchange for automatic configuration of clients such as Microsoft Outlook, has a design flaw that causes the protocol to "leak" web requests to Autodiscover domains outside of the user's domain but in the same TLD (i.e.
    • Guardicore Labs acquired multiple Autodiscover domains with a TLD suffix and set them up to reach a web server that we control. Soon thereafter, we detected a massive leak of Windows domain credentials that reached our server.
    • Between April 16th, 2021 and August 25th, 2021, we have captured:
      • 372,072 Windows domain credentials in total.
      • 96,671 UNIQUE credentials that leaked from various applications such as Microsoft Outlook, mobile email clients and other applications interfacing with Microsoft's Exchange server.
    Cloud vulns of the past 4 weeks:
    - ChaosDB:
    - Azurescape
    - OMIGOD:
    - Log Analytics role privesc:

    - IAP:
    - org policies bypass:

    - WorkSpaces client RCE: New Rhino Blog: CVE-2021-38112: AWS WorkSpaces Remote Code Execution

    Jon-Michael C. Brook CISSP, CCSK, AWS Solutions Arch