Top Threats

  • 1.  Cloud Events/Breaches

    CSA Instructor
    Posted Sep 23, 2021 07:45:00 AM
    https://www.guardicore.com/labs/autodiscovering-the-great-leak/
    • Autodiscover, a protocol used by Microsoft Exchange for automatic configuration of clients such as Microsoft Outlook, has a design flaw that causes the protocol to "leak" web requests to Autodiscover domains outside of the user's domain but in the same TLD (i.e. Autodiscover.com).
    • Guardicore Labs acquired multiple Autodiscover domains with a TLD suffix and set them up to reach a web server that we control. Soon thereafter, we detected a massive leak of Windows domain credentials that reached our server.
    • Between April 16th, 2021 and August 25th, 2021, we have captured:
      • 372,072 Windows domain credentials in total.
      • 96,671 UNIQUE credentials that leaked from various applications such as Microsoft Outlook, mobile email clients and other applications interfacing with Microsoft's Exchange server.


    https://twitter.com/0xdabbad00/status/1440350320060633088?s=20
    Cloud vulns of the past 4 weeks:
    Azure:
    - ChaosDB:
    twitter.com/sagitz_/status
    - Azurescape
    twitter.com/yuval_avrahami
    - OMIGOD:
    twitter.com/nirohfeld/stat
    - Log Analytics role privesc: https://t.co/xOrS88PbHL?amp=1

    GCP:
    - IAP: cloud.google.com/support/bullet
    - org policies bypass: twitter.com/NightmareJS/st

    AWS:
    - WorkSpaces client RCE: New Rhino Blog: CVE-2021-38112: AWS WorkSpaces Remote Code Execution bit.ly/3kzeyr7




    ------------------------------
    Jon-Michael C. Brook CISSP, CCSK, AWS Solutions Arch
    ------------------------------
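
A defender-side check for the Autodiscover leak described in the first item, as an added example that is not part of the original post or of Guardicore's research: it scans web-proxy log lines for Autodiscover requests sent to hosts outside the organisation's own domains and records whether an authentication scheme was attached. The log format, `ORG_DOMAINS` and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the organisation's own mail domains (constructed for this example).
ORG_DOMAINS = {"example.com"}

# Constructed proxy log, one request per line: <client> <method> <url> <auth scheme or ->
SAMPLE_LOG = """\
10.0.0.5 POST https://autodiscover.example.com/Autodiscover/Autodiscover.xml Basic
10.0.0.5 POST https://example.com/Autodiscover/Autodiscover.xml Basic
10.0.0.7 POST https://autodiscover.com/Autodiscover/Autodiscover.xml Basic
10.0.0.8 GET http://Autodiscover.com./Autodiscover/Autodiscover.xml -
10.0.0.9 POST https://autodiscover.notexample.com/Autodiscover/Autodiscover.xml NTLM
10.0.0.9 GET https://www.example.org/index.html -
malformed line
"""


def in_org(host, org_domains):
    """True if host is an organisation domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in org_domains)


def find_leaks(log_text, org_domains=ORG_DOMAINS):
    """Return (client, host, credentials_sent) for Autodiscover requests
    that went to a host outside the organisation's domains."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the constructed format
        client, _method, url, auth = parts
        split = urlsplit(url)
        # hostname is lower-cased by urlsplit; drop a trailing root dot
        host = (split.hostname or "").rstrip(".")
        is_autodiscover = (host.startswith("autodiscover.")
                           or split.path.lower().startswith("/autodiscover/"))
        if host and is_autodiscover and not in_org(host, org_domains):
            findings.append((client, host, auth != "-"))
    return findings


if __name__ == "__main__":
    for client, host, creds in find_leaks(SAMPLE_LOG):
        note = "credentials attached" if creds else "no credentials seen"
        print(f"{client} -> {host}: {note}")
```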