Hello, welcome to the Tuesday, January 29th, 2019 edition of the Sandstone Stormers Stormcast. My name is Johannes Ulrich.

And the I'm recording from Jacksonville, Florida.

Last week, I mentioned how a set of vulnerability is in particular, the elevated privilege at which exchange server is

running can be abused to escalate privileges from a random exchange user all the way up to domain

admin. This is a pretty significant problem in particular if you're worried about any of your

users, for example falling for a fishing scam or the like, or if you are trying to prevent some of these lateral movement techniques,

that an attacker may use once they get a hold of a user's workstation.

Now, Boyan today spent quite a bit of time researching all of this and playing with the different

exploits that were published for it. Well, his conclusion, it definitely works. So read his diary for more

details. He also mentions a couple of steps that you can take to mitigate some of these issues.

There is no patch for this available at this point and there's also

apparently no sort of good way to tell it from your logs that someone is

attempting this attack against your exchange server. I think we got a pretty

embarrassing vulnerability in Apple's FaceTime that allows an attacker

to receive at least audio and according to some reports video as well before the target

actually accepts the call.

The way this works is actually pretty straightforward.

You're calling the victim and then you're

also adding yourself to the call. So you're basically setting up a three-way call between you,

the victim and you again. Now, if you accept your own call, then the call is established and it's

also established to the victim. So at this point, you start

receiving audio from the victim. This vulnerability is apparently already actively being

...