[Some Interesting] Cloud ‘n Sec news: 10th Jun 22
--
What’s worth your reading time
Cloud
Azure
VDI security best practices
Microsoft published an article on the subject. Handy? For sure!
Access it here; in short, the practices they list are:
- Conditional access applies access controls based on signals like group membership, type of device, and IP address to enforce policies.
- Multifactor authentication requires that users consistently verify their identities to access sensitive data.
- Audit logs are used to gain insight into user and admin activities.
- Endpoint security like Microsoft Defender for Endpoint offers built-in protection against malware and other advanced threats for all your endpoints.
- Application restriction mitigates security threats by limiting what applications certain users are allowed to access using software like Windows Defender Application Control.
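The first three bullets (group, device and location signals; MFA; auditability) come together in a Conditional Access policy. The block below is an added example, not code from the Microsoft article: it builds the Microsoft Graph request body for a policy that requires MFA or a compliant device when members of a VDI group reach the VDI app from a location that is not a trusted named location, and lints the body for the classic lockout mistakes before anything is submitted. The object IDs are placeholders (an assumption, not from the page), the policy starts in report-only mode, and nothing is sent, so it runs offline.

```python
"""Added example (not from the Microsoft article): build and lint a Microsoft
Graph Conditional Access policy body for a VDI user group.

Assumptions: the group and application IDs below are placeholders; the body is
only built and checked, never POSTed."""
import json

# Placeholder Entra ID object IDs; replace with real ones (assumption).
VDI_USERS_GROUP = "00000000-0000-0000-0000-0000000000a1"
BREAK_GLASS_GROUP = "00000000-0000-0000-0000-0000000000b2"
VDI_BROKER_APP = "00000000-0000-0000-0000-0000000000c3"


def build_vdi_policy(group_id, app_id, break_glass_group_id, report_only=True):
    """Require MFA or a compliant device for the VDI app from any location that
    is not a trusted named location. Break-glass accounts are excluded so a
    broken MFA registration cannot lock the tenant admins out."""
    return {
        "displayName": "VDI: MFA or compliant device from untrusted locations",
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {
                "includeGroups": [group_id],
                "excludeGroups": [break_glass_group_id],
            },
            "applications": {"includeApplications": [app_id]},
            "clientAppTypes": ["all"],
            "locations": {
                "includeLocations": ["All"],
                "excludeLocations": ["AllTrusted"],
            },
        },
        "grantControls": {
            "operator": "OR",
            "builtInControls": ["mfa", "compliantDevice"],
        },
    }


def lint_policy(policy):
    """Return the problems a reviewer would block on (empty list = clean)."""
    issues = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    apps = cond.get("applications", {}).get("includeApplications", [])
    controls = (policy.get("grantControls") or {}).get("builtInControls", [])

    targets_everyone = "All" in users.get("includeUsers", [])
    has_exclusion = bool(users.get("excludeUsers") or users.get("excludeGroups"))
    if targets_everyone and not has_exclusion:
        issues.append("targets all users with no break-glass exclusion")
    if "block" in controls and "All" in apps and targets_everyone:
        issues.append("blocks all users on all apps (tenant-wide lockout)")
    if not controls and not policy.get("sessionControls"):
        issues.append("no grant or session controls: policy does nothing")
    return issues


def to_graph_body(policy):
    """Serialize the policy for
    POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies
    but refuse to do so while the lint finds problems."""
    problems = lint_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    good = build_vdi_policy(VDI_USERS_GROUP, VDI_BROKER_APP, BREAK_GLASS_GROUP)
    print(to_graph_body(good))
    # A policy nobody should ship: block everyone on every app, no exclusions.
    risky = {
        "displayName": "Block everything",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }
    print(lint_policy(risky))
```

Keep new policies in report-only mode first and read the sign-in logs (the audit-log bullet) to see who would have been challenged or blocked before flipping the state to enabled.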
What’s new in Azure Firewall
Microsoft announced new Azure Firewall features in a blog post.
Among them, IDPS (intrusion detection and prevention) improvements and more:
- Intrusion Detection and Prevention System (IDPS) signatures lookup now generally available.
- TLS inspection (TLSi) Certification Auto-Generation now generally available.
- Web categories lookup now generally available.
- Structured Firewall Logs now in preview.
- IDPS Private IP ranges now in preview.
Security
Defense
Microsoft Defender for Office 365 step by step guide
Released by Microsoft and available to everyone. Really handy; access it here:
Announcing the release of step-by-step guides! — Microsoft Tech Community
Threats
Atlassian Zero Day RCE
The announcement and the raft of coverage on this cannot be overlooked.
Many outlets and researchers have covered this zero-day because Confluence is so prevalent in enterprise environments, which makes it very attractive to attackers.
An overview of the coverage was shared by BleepingComputer:
The zero-day (CVE-2022-26134) affects all supported versions of Confluence Server and Data Center and allows unauthenticated attackers to gain remote code execution on unpatched servers.
Since it was disclosed as an actively exploited bug, the Cybersecurity and Infrastructure Security Agency (CISA) has also added it to its ‘Known Exploited Vulnerabilities Catalog’ requiring federal agencies to block all internet traffic to Confluence servers on their networks.
Exploits were seen in the wild early in the week, and days later threat intelligence teams reported nation-state threat actors exploiting the vulnerability.
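If you cannot patch or pull the server off the internet immediately, the first question is whether anyone has already tried it against you. The block below is an added example, not code from the article, Atlassian or any of the outlets cited: a small detector that scans Tomcat-style Confluence access log lines for the exploitation shape. The article does not describe the bug's mechanism; the detector relies on the publicly documented fact that exploitation of CVE-2022-26134 places an OGNL expression (`${...}`) in the request path, URL-encoded and sometimes double-encoded. The log lines are constructed for the example and the source addresses are documentation ranges.

```python
"""Added example (not from the article or from Atlassian): flag Confluence access
log lines whose request path carries an OGNL expression, the vector used against
CVE-2022-26134. Sample log lines below are constructed for this example."""
import re
from urllib.parse import unquote

# Tomcat common log format: host ident user [time] "method target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Class references and calls that turn a bare expression into code execution.
CODE_EXEC_RE = re.compile(
    r"@(java|javax|org\.apache)\.[\w.]+@|ProcessBuilder|getRuntime|exec\(", re.I
)


def decode_path(target, rounds=3):
    """Take the path (the query string is not the injection point) and
    URL-decode it repeatedly so double-encoded payloads are still seen:
    %2524%257B -> %24%7B -> ${ ."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(line):
    """Return a finding dict for a suspicious line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = decode_path(m["target"])
    if "${" not in path:
        return None
    severity = "high" if CODE_EXEC_RE.search(path) else "medium"
    return {
        "src": m["src"],
        "ts": m["ts"],
        "status": int(m["status"]),
        "severity": severity,
        "path": path,
    }


def scan(lines):
    """Scan an iterable of log lines and return the findings in order."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log (not real traffic): two benign requests, one
# single-encoded command-execution attempt, one double-encoded probe.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Jun/2022:10:15:02 +0000] "GET /login.action HTTP/1.1" 200 4120',
    '10.0.0.9 - - [03/Jun/2022:10:16:11 +0000] "GET /pages/viewpage.action?pageId=${x} HTTP/1.1" 200 8810',
    '203.0.113.7 - - [03/Jun/2022:10:17:40 +0000] '
    '"GET /%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22id%22%29%7D/ HTTP/1.1" 302 0',
    '203.0.113.7 - - [03/Jun/2022:10:17:41 +0000] "GET /%2524%257B1%2B1%257D/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["severity"]:6} {hit["src"]:15} {hit["status"]} {hit["path"]}')
```

A hit against a server that was unpatched at that timestamp is an incident, not an alert: the 302 in the constructed sample is the normal response shape, so the status code alone tells you nothing about whether the expression ran.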
Lockbit Ransomware gang teasing Mandiant leak
Early in the week, reports indicated that the LockBit ransomware gang had hacked incident response giant Mandiant.
Infosec news reporter Sergiu Gatlan reported on it at the time.
The outcome, however, later proved to be different from what was originally hinted at. According to BleepingComputer:
After LockBit published the files, it looks like this wasn’t about files stolen from Mandiant’s network but, instead, about the ransomware group trying to distance itself from the Evil Corp cybercrime gang.
This was likely prompted by LockBit fearing the lost revenue because their victims will stop paying ransoms as Evil Corp is sanctioned by the U.S. government.
Attacks
Italian city victim of cyberattack
At the time of reporting it was unknown whether it was a DDoS or ransomware, but it caused the city of Palermo in Italy to shut down some of the city's online services, such as video surveillance and the police operations center.
It's the 5th largest city in Italy, with a metropolitan population of more than 1M.
More info here.
Learn more about my Cloud and Security Projects: https://linktr.ee/acamillo
Thank you for reading and leave your thoughts/comments!