Kerberos, the three headed authentication protocol, and Aurora malware on the rise

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.Lots of new faces this week, hi! No pressure at all. *stay cool, stay cool*

Did you know? The average person falls asleep in 7 minutes. That's why we keep this newsletter short and sweet.

In this week's edition:

🌅 Aurora malware making a name for itself🐶 Kerberos, the three headed authentication protocol🔥 the quick and dirty

Reading time: 04:01

Aurora malware making a name for itself

Aurora, a Go-based malware first encountered on Russian cybercrime fora in early 2022, is currently on the rise.It was first offered as a malware with botnet functionality, later to evolve into an info-stealer.

The botnet didn't look to be doing great, presumably because it offered nothing new.After undergoing a severe scale up, as an info-stealer it caught the attention of several traffer groups.A prime example of product/market fit.

Makes me wonder, do criminal organizations also have marketing teams? If you're a criminal marketeer reading this, hit me uuuuuup!

The new and improved Aurora malware now serves as a multipurpose botnet, with a wide range of information channels it can extract data from:over 40 crypto wallets, telegram, and all "regular" targets that harbor files of interest.

Cyber security firm sekoia.io found Aurora to be used by at least 7 traffer groups. This is not the last we've heard about the malware I'm afraid..

Here at Disable User, I made a promise to you guys and gals:Security, like you're five.After re-reading the above text, I had to conclude.. no ordinary five year old would ever understand what I'm saying.So, here's a list to clarify.

• Go-based - GO is an opensource programming language known for its scalability and, sadly, it's popularity for malware and other malicious programs

• Botnet - a collection of devices infected by malicious software, used by hacker groups to perform attacks

• Infostealer - an application focused on getting information from certain sources

• Traffer group - a group of cyber criminals who focus on data collection

Kerberos, the three headed authentication protocol

"Anotha' week, anotha' Microsoft security patch." That's what my mother used to tell me.That woman was always ahead of her time..

In all seriousness though. Sysadmins who've been around know: no patch tuesday goes unpunished.After releasing updates for CVE-2022-37966, a vulnerability affecting Windows Server, Microsoft discovered that the update caused authentication issues for Kerberos.

While the issue has been fixed by an out-of-band update - an update released outside the regular update schedule - I thought this was a SPLENDID time to tell my lovely readers about Kerberos.

So gather round, take a seat and be amazed by the tale of..

If we check Wikipedia, it says this about Kerberos;"Kerberos (/ˈkɜːrbərɒs/) is a computer-networkauthenticationprotocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner."

Lots of words, but nothing that really sticks, right?

I think we should start with, why was Kerberos created?

Kerberos was developed by some brilliant people over at MIT, back in 1988.The internet was on the rise - some say it still is - and with it grew security threats.Back then companies used to rely heavily on their network protection, but that came at a hefty price.Nowadays there are many, many ways to secure your network without making it impossible for users to get on the internet (or the internet to get back in). But back then it was a rather black & white scenario. Nobody in, nobody out.And if somebody were to get through, there was not much defense left to stop a hacker.

So with that in mind, MIT got to work.Now that we got the why out of the way, here's the what.So what was needed was something thata) made it possible to "weaken" firewall controls so people could get on the internetb) create an extra layer of defense that didn't rely on network alone

And that's exactly what Kerberos does.

Here's a way oversimplified example of a Kerberos authentication;

• Client asks Kerberos for a ticket, saying who he is and what he wants

• Kerberos agrees, he knows the client (longtime friends, used to go to school together)

• Kerberos hands out ticket to client

• Client uses ticket to go to a server and says "hey can you let me in?"

• Server checks ticket and sees its signed by Kerberos "damn this dude has friends in high places, better let him in"

• Server agrees, welcome client

For the more visual learners:

Never thought I'd see the day I'd be explaining Kerberos with Spongebob memes.

Look ma, I made it!

The quick and dirty

• Microsoft warns of Remote Desktop freezes on Windows 11 22H2 - It's 2022, if you're still using RDP maybe you deserve the freezes, i dno

• Russian cybergangs stole over 50 million passwords this year - prime example of how info-stealers are dominating the malware market

• Researchers are building robots that can build themselves - hope they also built a robotic version of Arnold Sjwars..Swarse...Schjwarse.. the guy that played Terminator.

• Meme of the week:

Security like I'm five

Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam.In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical matter. Lot's of meme's too. Good stuff, good stuff.This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free.Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)