Russian Malicious Outlook Calendar Invites Targeting Ukraine (CVE-2023-23397) | Threat SnapShot
In this week's Threat SnapShot, we'll take a look at a privilege escalation attack affecting Microsoft Outlook that has been used by a Russian nation-state actor (APT28, Fancy Bear, GRU) against organizations in Ukraine. The vulnerability, CVE-2023-23397, was addressed in Microsoft's most recent Patch Tuesday (March 2023). Evidence of exploitation, however, has been seen to date back to at least April 2022. The attack leverages a relatively obscure feature of Outlook, where calendar invites can contain a file path for an alternative notification sound. An attacker can specify a UNC path, and Outlook will happily pass along the user's NTLM credentials to try to authenticate to that path, leading to an escalation of privilege and credential compromise.
We'll take a closer look at three example attack variations using this vulnerability -- one that passes the credentials via WebDAV, another that relays the NTLM credentials to gain an SMB shell on the victim, and a third that uses this vulnerability as a persistence mechanism by setting a registry key. We'll also discuss detection and threat hunting strategies to protect your organization from each of these attack vectors.
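For the hunting side, a triage sketch that flags reminder sound paths pointing at UNC locations and separates the SMB and WebDAV forms. This is an added example, not code from the video or from SnapAttack; it assumes the sound-path values (MAPI property PidLidReminderFileParameter) have already been exported from mailbox items, and the internal suffix, address ranges and sample rows are constructed placeholders.

```python
import ipaddress
import re

# Constructed placeholders: replace with your own internal DNS suffixes and ranges.
INTERNAL_SUFFIXES = (".corp.example",)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

UNC_RE = re.compile(
    r"^[\\/]{2}(?:[?.][\\/]UNC[\\/])?"  # \\ prefix, optional \\?\UNC\ long form
    r"(?P<host>[^\\/@]+)"               # server name or IP address
    r"(?P<dav>@[^\\/]*)?"               # @SSL / @port suffix selects WebDAV
    r"(?:[\\/]|$)", re.IGNORECASE)

def is_internal(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Single-label (NetBIOS) names and listed suffixes count as internal.
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)
    return any(ip in net for net in INTERNAL_NETS)

def classify_sound_path(value):
    """Return (verdict, host, transport) for one reminder sound path."""
    m = UNC_RE.match(value.strip())
    if not m or m.group("host") in ("?", "."):
        return ("local", None, None)    # drive path or \\?\C:\ device path
    host = m.group("host").lower()
    transport = "webdav" if m.group("dav") else "smb"
    verdict = "internal-unc" if is_internal(host) else "external-unc"
    return (verdict, host, transport)

def triage(rows):
    """Keep items whose sound path is a UNC location, external hosts first."""
    hits = [(item, *classify_sound_path(path)) for item, path in rows]
    hits = [h for h in hits if h[1] != "local"]
    return sorted(hits, key=lambda h: h[1] != "external-unc")

# Constructed sample export: (item id, reminder sound path).
SAMPLES = [
    ("item-001", r"C:\Windows\Media\Alarm01.wav"),
    ("item-002", r"\\fs01\sounds\tone.wav"),
    ("item-003", r"\\198.51.100.7\share\tone.wav"),
    ("item-004", r"\\files.example.net@SSL@443\s\tone.wav"),
    ("item-005", r"\\?\C:\Windows\Media\Alarm01.wav"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLES):
        print(hit)
```

Items marked `internal-unc` still merit review, since Outlook attempts NTLM authentication to whatever host the path names.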
Resources:
SnapAttack Content: