Security News

The Added Dangers Privileged Accounts Pose to Your Active Directory
2022-05-26 03:49

In any organization, there are certain accounts that are designated as being privileged. These privileged accounts differ from standard user accounts in that they have permission to perform actions that go beyond what standard users can do.

IAM software: Okta vs Azure Active Directory
2022-04-29 15:56

This all makes IAM solutions critical to any modern business, and two popular options in that category are Okta and Microsoft Azure Active Directory. Azure Active Directory is a separate cloud-based user management solution for Azure and web logins.

Microsoft fixes Windows Active Directory bug caused by Jan updates
2022-02-07 15:00

Microsoft says it has fixed a known issue triggered by last month's Windows updates that would cause apps using Microsoft. "After installing updates released January 11, 2022 or later, apps using Microsoft .NET Framework to acquire or set Active Directory Forest Trust Information might fail, close, or you might receive an error from the app or Windows," Microsoft explained in an update to the Windows health dashboard.

Audit Your Active Directory with a free, read-only scan from Specops
2022-01-12 03:45

Specops Password Auditor is a read-only tool that scans your Active Directory and identifies password-related vulnerabilities. The collected information generates multiple interactive reports containing user and password policy information.

Active Directory Bugs Could Let Hackers Take Over Windows Domain Controllers
2021-12-22 08:50

Microsoft is urging customers to patch two security vulnerabilities in Active Directory domain controllers that it addressed in November following the availability of a proof-of-concept tool on December 12. The two vulnerabilities - tracked as CVE-2021-42278 and CVE-2021-42287 - have a severity rating of 7.5 out of a maximum of 10 and concern a privilege escalation flaw affecting the Active Directory Domain Services component.

Two Active Directory Bugs Lead to Easy Windows Domain Takeover
2021-12-21 16:46

A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. Both vulnerabilities are described as "Windows Active Directory domain service privilege-escalation" bugs and are of high severity, with a CVSS criticality score of 7.5 out of 10.

Microsoft warns of easy Windows domain takeover via Active Directory bugs
2021-12-20 19:51

Microsoft warned customers today to patch two Active Directory domain service privilege escalation security flaws that, when combined, allow attackers to easily take over Windows domains. Redmond's warning to immediately patch the two bugs - both allowing attackers to impersonate domain controllers - comes after a proof-of-concept tool that can leverage these vulnerabilities was shared on Twitter and GitHub on December 11.

Active Directory control: How adversaries score even bigger goals via attack paths
2021-11-02 07:00

Microsoft Active Directory and Azure Active Directory are directory services products used for identity and access management at most major enterprises all over the world. All Active Directory environments are vulnerable to a type of attack called identity attack paths.

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
2021-09-28 14:39

Researchers from the Microsoft Threat Intelligence Center have observed the APT it calls Nobelium using a post-exploitation backdoor dubbed FoggyWeb to attack Active Directory Federation Services servers. Once a server is compromised, the threat group deploys FoggyWeb "to remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificates and token-decryption certificates," he said, which can be used to penetrate into users' cloud accounts.

Microsoft warns: Active Directory FoggyWeb malware being actively used by Nobelium gang
2021-09-28 10:44

Microsoft has warned of a new tool designed to exfiltrate credentials and introduce a backdoor into Active Directory servers that is under active use by the Nobelium threat actor group. The FoggyWeb malware, Microsoft has declared, is designed to target Microsoft Active Directory Federation Services servers, exfiltrating credentials, configuration databases, decrypted token-signing and token-decryption certificates, and to download additional components to set up a permanent backdoor and attack the network more widely.