January 30, 2019

Privilege escalation vulnerability uncovered in Microsoft Exchange

By John E Dunn

A researcher has discovered an alarming way that an attacker controlling a Microsoft Exchange mailbox account could potentially elevate their privileges to become a Domain Administrator.

The consequences of this would be devastating, but according to Dirk-jan Mollema of Dutch company Fox-IT, it can be achieved by combining three separate weaknesses in some configurations of Exchange into a single attack.

The first issue, writes Mollema, is that by default, members of the Exchange Windows Permissions group have the ability to modify advanced privileges on the Domain object in Active Directory (AD):

Users or computers with this privilege can perform synchronization operations that are normally used by Domain Controllers to replicate, which allows attackers to synchronize all the hashed passwords of users in the Active Directory.

That makes Exchange a choice target for an attacker looking to take control of the Domain Admin account – but how to achieve this?

One well-understood possibility is through a relay attack against Microsoft’s aged NTLM authentication protocol (encapsulated inside SMB or HTTP/S) to steal an Exchange user’s credentials.
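For defenders, the first weakness can be checked directly on the domain object's access control list. The following Python is an added example, not code from the article or from Fox-IT: it scans the SDDL form of a domain object's DACL for principals outside a trusted set that can rewrite the DACL or hold the directory replication rights. It assumes the ability to modify permissions described above corresponds to the WRITE_DAC right (SDDL code WD); the SIDs, the sample SDDL and the trusted set are constructed.

```python
import re

# Well-known control-access-right GUIDs for directory replication, the
# "synchronization operations" mentioned in the quote above.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
MASK_BITS = {"WD": 0x40000, "CR": 0x100, "GA": 0x10000000}  # hex-form rights

def _codes(field):
    """Split an SDDL field of two-letter codes (or a hex mask) into a set."""
    if field.lower().startswith("0x"):
        return {c for c, bit in MASK_BITS.items() if int(field, 16) & bit}
    return {field[i:i + 2] for i in range(0, len(field), 2)}

def risky_aces(sddl, trusted_sids):
    """List (sid, finding) for allow ACEs that apply to the object itself and
    let a non-trusted principal rewrite the DACL or replicate secrets.
    Conditional ACEs (nested parentheses) are not parsed."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))*)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, guid, _inherit_guid, sid = ace.split(";")[:6]
        if ace_type not in ("A", "OA") or sid in trusted_sids or "IO" in _codes(flags):
            continue  # deny/audit ACE, trusted principal, or inherit-only ACE
        held = _codes(rights)
        if held & {"WD", "GA"}:
            findings.append((sid, "WriteDacl"))
        if "CR" in held and (not guid or guid.lower() in REPL_RIGHTS):
            findings.append((sid, REPL_RIGHTS.get(guid.lower(), "all extended rights")))
    return findings

# Constructed sample: SIDs ending -1121 and -1150 are made up. -1121 stands in
# for the Exchange Windows Permissions group, -1150 for an unexpected account.
DOM = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
    f"(A;CI;RPWDLCLO;;;{DOM}-1121)"
    f"(OA;CIIO;WD;;bf967aba-0de6-11d0-a285-00aa003049e2;{DOM}-1150)"
    f"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;{DOM}-1150)"
    "S:(AU;SA;WDWO;;;WD)"
)

if __name__ == "__main__":
    for sid, finding in risky_aces(SAMPLE_SDDL, trusted_sids={"DA", "ED"}):
        print(f"{sid}: {finding}")
```

On a real domain the SDDL string can be read with the ActiveDirectory PowerShell module, for example `(Get-Acl 'AD:\DC=example,DC=com').Sddl`, where the distinguished name is a placeholder.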

Read more at https://nakedsecurity.sophos.com/2019/01/30/privilege-escalation-vulnerability-uncovered-in-microsoft-exchange/

Firefox makes it easier for users to dodge ad-trackers

By Danny Bradbury

Firefox has introduced a new set of controls to make it easier for users to protect themselves from online ad trackers.

The browser’s redesigned Content Blocking section makes it easier for users to switch off cross-site trackers. These are mechanisms that advertisers and data brokers use to track your activity across different websites, giving them a clearer picture of what you’re doing online so that they can target you with marketing messages more accurately.

Firefox has gradually introduced more anti-tracking protections for its users over the years. In 2015, it began blocking trackers by default in its private browsing mode, later expanding that to include optional tracking protection in non-private browsing mode in November 2017.

To block both trackers, Mozilla works with Disconnect, a company that makes free and premium anti-tracking tools. Disconnect creates a list of known trackers to help protect its users, and Mozilla uses that information to spot and block trackers.

In October 2018, Mozilla began enabling users to optionally block cross-site ad-tracking cookies alongside traditional trackers. A Mozilla spokesperson explained the difference to Naked Security:

Cookie blocking prevents domains on the list from using cookies and other browser storage when they are loaded as third parties. Tracker blocking blocks the loading of all content from domains on the Disconnect list.

The revamped interface is the latest step in a longer-term effort to enhance user privacy called Enhanced Tracking Protection. The Mozilla spokesperson said:

Enhanced Tracking Protection is a suite of protections encompassing both the traditional tracker blocking introduced in Firefox 42 and the cookie blocking feature introduced in Firefox 63. Both tracker blocking and cookie blocking have made use of the Disconnect list since they were introduced.

Mozilla’s latest measures get it further along the path to a long-term goal of blocking third-party trackers by default, but it has to walk a delicate line. Blocking trackers too aggressively can break the functionality in certain websites.

Read more at https://nakedsecurity.sophos.com/2019/01/30/firefox-makes-ad-tracker-dodging-easier-for-privacy-conscious-users/

It’s mop-up time for WebStresser DDoS-for-hire users

By Lisa Vaas

In April 2018, Dutch police inflicted a whole lot of “access denied” when they shut down Webstresser, the world’s biggest market for distributed-denial-of-service (DDoS) attacks.

Law enforcement working in multiple countries nabbed at least four of the attack-for-hire site’s admins, and then they went knocking on the doors of its users. Some got arrested, while some got away with warnings.

Well, going on a year later, it’s still mop-up time.

The UK’s National Crime Agency (NCA) announced that it’s been working with law enforcement agencies from 14 countries as part of what it’s calling Operation Power Off: an ongoing project to get at all the people and services behind DDoS attacks.

Police in the UK and Scotland have issued 8 warrants and seized more than 60 personal computers, tablets and mobile phones, the NCA said. An unspecified number of users have also received cease-and-desist notices. Police are eyeing another 400 Webstresser users for possible prosecution.

Read more at https://nakedsecurity.sophos.com/2019/01/30/its-mop-up-time-for-webstresser-ddos-for-hire-users/

Scammers steal social media videos to wring hearts and wallets

By Lisa Vaas

“I’m walking!” squealed the adorable, 4-year-old Mighty Miss Maya, born premature and later diagnosed with spastic diplegia cerebral palsy, when she took her first independent steps.

“Ka-CHING!!!!” enthused one or more Instagram swindlers, who promptly swiped Maya’s photo and videos to plaster onto fake fundraising accounts.

Earlier this month, Maya’s family, the Tisdales, posted onto her Facebook page the news about the imposter accounts, along with a screen capture of one of them that had been written in Russian and featured Maya’s stolen images:

It was brought to our attention a few weeks ago that someone has been stealing Maya’s pictures and videos from our account. They have set up an account and have been using Maya’s pictures and videos to try to get donations. Obviously we are very angry and we are working to have this account shut down ASAP. We are also working on having these individuals charged with fraud for collecting money under false pretenses (a lawyer friend has reached out to us and they are working on this end of things).

Maya’s mother, Ann Tisdale, said that her family has been hacked and harassed on Instagram after a video of Maya went viral last month.

The Tisdales said that Instagram was initially unresponsive, even after they filed the appropriate take-down forms and after followers had also reported the account. After the Tisdales asked followers to comment on the post and to tag @instagram, or perhaps after they contacted the media, Instagram finally took down the account… which, unfortunately but predictably, precipitated a game of whack-a-mole as the scammer(s) put up new fake accounts as fast as Instagram took them down.

It went beyond mere imposter accounts when one fraudster tried to extort the family, Ann Tisdale told ABC News.

Read more at https://nakedsecurity.sophos.com/2019/01/30/scammers-steal-social-media-videos-to-wring-hearts-and-wallets/

