

ISC StormCast for Tuesday, December 3rd, 2024
10 snips Dec 3, 2024
Explore the critical role of Credential Guard in preventing lateral movement in cybersecurity. Discover the alarming trend of exploiting corrupted Word documents in phishing attacks. Learn about essential best practices for managing API keys alongside the vulnerabilities in the IBM Security Verify Access Appliance. Delve into the importance of threat-informed defense strategies and how recent breaches highlight the need for swift action and robust mitigation measures.
Credential Guard for Lateral Movement Prevention
- Frustrate attackers by enabling Credential Guard to prevent lateral movement.
- Be aware that it may interfere with some virtualization solutions like VMware.
Rapid Exploitation of AWS Credentials
- Exposed AWS credentials are exploited within seconds or minutes, according to Clutch Security's research.
- This aligns with previous reports, highlighting the rapid exploitation of leaked credentials.
Managing Exposed AWS Keys
- Assume compromise if AWS keys are found in the wild, as alerts are often too late.
- Move away from static API keys, even with rotation, and use ephemeral keys or mutual TLS.
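As an added illustration (not from the episode), the sketch below triages AWS access key IDs found in text by their prefix: `AKIA` marks a long-term static key, `ASIA` a temporary STS credential. The function names and the `SAMPLE` input are constructed for this example; `AKIAIOSFODNN7EXAMPLE` is the placeholder key ID from AWS documentation.

```python
import re

# Access key IDs are 20 characters: a 4-letter prefix plus 16 uppercase
# alphanumerics. AKIA = long-term IAM user key, ASIA = temporary STS key.
KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
KIND = {"AKIA": "static", "ASIA": "ephemeral"}

# Constructed sample input (hypothetical config and CI output).
SAMPLE = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
# CI job output
export AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE
build_id = AKIAIOSFODNN7EXAMPLEX
"""


def find_key_ids(text):
    """Return (line_no, kind, masked_id) for each access key ID in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID.finditer(line):
            key_id = m.group(0)
            # Mask the middle so the report does not re-leak the identifier.
            masked = key_id[:4] + "*" * 12 + key_id[-4:]
            findings.append((line_no, KIND[m.group(1)], masked))
    return findings


def triage(text):
    """Treat every exposed key as compromised; split by follow-up action."""
    findings = find_key_ids(text)
    return {
        # Static keys stay valid until someone deactivates them.
        "deactivate_and_replace": [f for f in findings if f[1] == "static"],
        # Temporary keys expire, but the issuing role still needs review.
        "review_issuing_role": [f for f in findings if f[1] == "ephemeral"],
    }


if __name__ == "__main__":
    for action, items in triage(SAMPLE).items():
        for line_no, kind, masked in items:
            print(f"{action}: line {line_no} {kind} {masked}")
```

The 21-character string on the last sample line is deliberately not reported, since the pattern requires exactly 20 characters between non-alphanumeric boundaries.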