Security News

3 types of attack paths in Microsoft Active Directory environments
2022-09-28 04:30

A common question we are asked by clients after deploying is, "Are attack paths in Active Directory this bad for everyone?". What does often cheer them up is learning that many of those attack paths can be fixed quickly and easily, now that the security team knows they exist.

Are Default Passwords Hiding in Your Active Directory? Here's how to check
2022-09-07 14:02

Many password spraying attacks specifically target default passwords.The question is, how can you track down default passwords on your network once they're no longer useful? One of the best options is to use a free, read-only tool called Specops Password Auditor.

Hackers Using Bumblebee Loader to Compromise Active Directory Services
2022-08-18 09:20

The malware loader known as Bumblebee is being increasingly co-opted by threat actors associated with BazarLoader, TrickBot, and IcedID in their campaigns to breach target networks for post-exploitation activities. "Bumblebee operators conduct intensive reconnaissance activities and redirect the output of executed commands to files for exfiltration," Cybereason researchers Meroujan Antonyan and Alon Laufer said in a technical write-up.

Why organizations should control Active Directory permissions
2022-08-16 04:00

In this Help Net Security video, Matthew Vinton, Strategic Systems Consultant at Quest Software, illustrates the importance of regularly analyzing, controlling and adapting Active Directory...

New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain
2022-07-16 05:07

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices. "Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an advisory published this week.

Review: Enzoic for Active Directory
2022-06-22 05:00

One of the strong points of the Enzoic for Active Directory solution is that it's fully compliant with NIST's password guidelines helping organizations easily achieve industry best practices for passwords. In its most recent release, Enzoic for Active Directory is going beyond just checking passwords to see whether they've been compromised generally - it now also checks full credential pairs.

The Added Dangers Privileged Accounts Pose to Your Active Directory
2022-05-26 03:49

In any organization, there are certain accounts that are designated as being privileged. These privileged accounts differ from standard user accounts in that they have permission to perform actions that go beyond what standard users can do.

IAM software: Okta vs Azure Active Directory
2022-04-29 15:56

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Azure Active Directory. Azure Active Directory is a separate cloud-based user management solution for Azure and web logins.

Microsoft fixes Windows Active Directory bug caused by Jan updates
2022-02-07 15:00

Microsoft says it has fixed a known issue triggered by last month's Windows updates that would cause apps using Microsoft. "After installing updates released January 11, 2022 or later, apps using Microsoft.NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows," Microsoft explained in an update to the Windows health dashboard.

Audit Your Active Directory with a free, read-only scan from Specops
2022-01-12 03:45

Specops Password Auditor is a read-only tool that scans your Active Directory and identifies password-related vulnerabilities. The collected information generates multiple interactive reports containing user and password policy information.