Security News
Configure Active Directory securely with LDAP signing and LDAPS requirements, regularly rotate the KRBTGT password and use group-managed service accounts to rotate service account credentials. Enable multi-factor authentication and a strong password policy, augmented by solutions such as Specops Password Policy.
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access. "Throughout the attack, the attacker followed a routine of recon commands, credential theft, lateral movement by abusing Windows protocols, and executing Cobalt Strike on the newly compromised host," Cybereason researchers said in a report published this week.
Password salting is a technique for making passwords more difficult to crack by adding random values to the stored password hash. In order to understand password salting and its benefits however, it is necessary to understand how Windows stores passwords and some of the risks that are associated with storing passwords in that way.
With most organizations today using Microsoft's Active Directory Domain Services as their on-premises identity and access management authentication solution, it creates challenges for admins looking to bolster their password security. As an example, regex can help identify and filter the following passphrase elements in your Active Directory environment and can be used with custom requirements to define passphrases used in the environment.
While the use of text messaging goes a long way toward protecting an organization against cyber criminals who attempt to use stolen passwords as a way of gaining access to accounts, text messaging-based MFA has vulnerabilities of its own. Risk of text message use in multi-factor authentication.
A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?". What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.
Many password spraying attacks specifically target default passwords.The question is, how can you track down default passwords on your network once they're no longer useful? One of the best options is to use a free, read-only tool called Specops Password Auditor.
The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up.
In this Help Net Security video, Matthew Vinton, Strategic Systems Consultant at Quest Software, illustrates the importance of regularly analyzing, controlling and adapting Active Directory...
Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an advisory published this week.