Security News

Preventing Insider Threats in Your Active Directory
2023-03-22 11:20

Configure Active Directory securely with LDAP signing and LDAPS requirements, regularly rotate the KRBTGT password and use group-managed service accounts to rotate service account credentials. Enable multi-factor authentication and a strong password policy, augmented by solutions such as Specops Password Policy.

IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours
2023-01-12 14:46

A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in a report published this week.

Password Salting to Increase Windows Active Directory Security
2022-11-30 15:06

Password salting is a technique for making passwords more difficult to crack by adding random values to the stored password hash. To understand password salting and its benefits, however, it is necessary to understand how Windows stores passwords and some of the risks associated with storing passwords that way.

Using Regex to Implement Passphrases in Your Active Directory
2022-11-01 14:06

Most organizations today use Microsoft's Active Directory Domain Services as their on-premises identity and access management authentication solution, which creates challenges for admins looking to bolster their password security. As an example, regex can help identify and filter the following passphrase elements in your Active Directory environment and can be used with custom requirements to define passphrases used in the environment.

Text message verification flaws in your Windows Active Directory
2022-10-18 14:06

While the use of text messaging goes a long way toward protecting an organization against cyber criminals who attempt to use stolen passwords as a way of gaining access to accounts, text messaging-based MFA has vulnerabilities of its own. Risk of text message use in multi-factor authentication.

3 types of attack paths in Microsoft Active Directory environments
2022-09-28 04:30

A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?" What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.

Are Default Passwords Hiding in Your Active Directory? Here's how to check
2022-09-07 14:02

Many password spraying attacks specifically target default passwords. The question is, how can you track down default passwords on your network once they're no longer useful? One of the best options is to use a free, read-only tool called Specops Password Auditor.

Hackers Using Bumblebee Loader to Compromise Active Directory Services
2022-08-18 09:20

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up.

Why organizations should control Active Directory permissions
2022-08-16 04:00

In this Help Net Security video, Matthew Vinton, Strategic Systems Consultant at Quest Software, illustrates the importance of regularly analyzing, controlling and adapting Active Directory...

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain
2022-07-16 05:07

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an advisory published this week.