I. Zero to Hero: MS Zerologon
Zerologon is a Microsoft Active Directory vulnerability that allows an unauthenticated user connected to the local network to gain domain admin privileges.
Microsoft released a patch in August 2020 and will release another patch in February 2021, denying all unauthenticated connections. Until then, here is an advisory that will keep you secure.
Download this PDF for a clearer understanding of Zerologon.
CISO Check:
How do you know you are still vulnerable after patching?
Enable logging and monitoring of event IDs 5827, 5828, 5829, 5830 and 5831 in your SIEM to detect vulnerable connections.
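As an added example (not part of the original newsletter), the Python below triages exported events with these five IDs per account, separating vulnerable Netlogon connections that were denied from those still being allowed. The JSON field names and the sample records are constructed assumptions; the event meanings are those Microsoft documents for the August 2020 update.

```python
import json
from collections import defaultdict

# Netlogon events a patched domain controller writes to its System log:
# event ID -> (outcome, kind of vulnerable secure channel connection).
EVENTS = {
    5827: ("denied", "machine account"),
    5828: ("denied", "trust account"),
    5829: ("allowed", "not yet enforced"),
    5830: ("allowed", "machine account, allowed by Group Policy"),
    5831: ("allowed", "trust account, allowed by Group Policy"),
}

# Constructed sample export, one JSON object per line (field names are assumptions).
SAMPLE = """\
{"EventID": 5829, "Computer": "DC01", "Account": "NAS01$", "Time": "2020-10-01T08:00:00Z"}
{"EventID": 5829, "Computer": "DC01", "Account": "nas01$", "Time": "2020-10-01T09:00:00Z"}
{"EventID": 5827, "Computer": "DC02", "Account": "KIOSK7$", "Time": "2020-10-01T09:05:00Z"}
{"EventID": 5830, "Computer": "DC01", "Account": "LEGACYAPP$", "Time": "2020-10-01T09:10:00Z"}
{"EventID": 4624, "Computer": "DC01", "Account": "alice", "Time": "2020-10-01T09:11:00Z"}
not json at all
"""

def triage(lines):
    """Count allowed/denied vulnerable Netlogon connections per account."""
    summary = defaultdict(lambda: {"allowed": 0, "denied": 0, "ids": set()})
    skipped = 0
    for line in filter(None, map(str.strip, lines)):
        try:
            rec = json.loads(line)
            event_id, account = int(rec["EventID"]), str(rec["Account"]).upper()
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it, do not crash the pipeline
            continue
        if event_id in EVENTS:  # ignore unrelated event IDs
            summary[account][EVENTS[event_id][0]] += 1
            summary[account]["ids"].add(event_id)
    return dict(summary), skipped

def still_allowed(summary):
    """Accounts with at least one vulnerable connection that was let through."""
    return sorted(acct for acct, s in summary.items() if s["allowed"])

if __name__ == "__main__":
    summary, skipped = triage(SAMPLE.splitlines())
    for acct in still_allowed(summary):
        ids = sorted(summary[acct]["ids"])
        print(acct, ids, [EVENTS[i][1] for i in ids])
    print("skipped malformed lines:", skipped)
```

Accounts returned by `still_allowed` are the ones to update or replace before enforcement; entries with 5827 or 5828 show connections the domain controller is already refusing.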
II. Security Metrics - 12 years on…
NIST has released a pre-draft call for comments on their SP 800-55 Revision 1 - “Performance Measurement Guide for Information Security”.
The first one was released in 2008! Measuring the effectiveness of your controls is far too important to leave untouched for 12 years.
You can contribute too!
CISO Check:
Give back to the infosec community: read the document and submit your comments before November 19, 2020.
Bonus: Your coffee machine might just kill you!
Vulnerable IoT devices can now hold you to ransom. A security researcher could hack into a coffee machine and extract a ransom to stop it from malfunctioning.
A shoutout to our reader Altamash Sayed for sharing this!
III. Quote of the week
“Everything that can be automated will be automated.” — Robert Cannon