Hello, welcome to the Wednesday, September 30th, 2020 edition of the Sandstone Storm Center's

Stormcast. My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

Yesterday, I mentioned the reports that we had about a bomb-garg line being installed on a system that used to be

maintained by Tyler Technology. Of course, that company was the victim of a ransomware attack

and apparently some credentials they used to log to customer systems may have been leaked.

In response, Xavier today published a quick diary with a couple points to consider if you

are hiring some company to manage systems for you.

Now, a couple comments we got here from readers, one in particular regarding

the Baumgarjump client, again purchased by Beyond Trust and known under that name.

Readers are reporting that they have seen employees of a service provider install legitimately discline, and it is useful

and good piece of software, but then they forgot to remove it after they were done with a system.

So certainly worthwhile to look over their shoulder, double check what they're doing.

And Xavier has a number of good points in his diary that you should consider if you are engaging

a company like this.

And well, many of us have to do this, of course.

This gets even more tricky, of course, if that company is also doing

your security monitoring, then it sort of comes down to who is watching the watchers and how much

effort you're still able to put behind actually monitoring their activities. And of course,

these last couple weeks, we talked quite a bit about the zero logon

vulnerability.

And essentially what this comes down to is an insecure RPC authentication from a

client to a domain controller.

...