All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of February 14, 2022. I’ve also included some comments on these stories.

Microsoft Using New Security Rule to Prevent Windows Credential Theft

On February 13, Bleeping Computer reported that Microsoft is enabling a Microsoft Defender ‘Attack Surface Reduction’ (ASR) security rule to prevent malicious actors from stealing Windows credentials from the LSASS process. The purpose of the rule is to block processes from dumping the memory of LSASS, even if they have administrative privileges. It builds on the functionality of security features like Credential Guard introduced by Microsoft in the past.

Andrew Swoboda | Senior Security Researcher at Tripwire

Windows will soon be able to block the ability to dump password hashes from the Local Security Authority Server Service (LSASS). This could impact Mimikatz’s ability to dump hashes. This change would put the service in its own container and prevent other applications from accessing it. This would block an attacker’s ability to use these hashes to further compromise a network.

Adobe Addresses Critical Magento Open Source Vulnerability Exploited in the Wild

On February 14, Adobe rolled out updates for CVE-2022-24086, a critical-severity vulnerability affecting Magento Open Source. The flaw enabled threat actors with administrative privileges to execute arbitrary code on vulnerable machines, noted Security Affairs. It received a CVSS score of 9.8 out of 10.

Dylan D’Silva | Security Researcher at Tripwire

Some quick research here on Adobe Magento e-Commerce Platform has it ranging anywhere from 9% to 12% of overall market share, making it a very popular platform for e-Commerce. Adobe has confirmed there are active exploits of this vulnerability in ...