Security News

Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services servers. "Once Nobelium obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools," MSTIC researchers said.

Jack Wallen walks you through the steps to join Ubuntu Desktop to Active Directory domains.

My guests today are Lee Christiansen and Will Schroeder, the SpecterOps researchers behind a recent report entitled Certified Pre-owned: Abusing Active Directory Certificate Servers, about attack paths in Microsoft Active Directory. Will Schroeder: And the last thing I'll add on to that last kind of point is just the complexity of Active Directory along with, you know, how easy it can occasionally be to where one of the things we've seen and a term we've tried to help kind of push is misconfiguration debt, where we see Active Directory has been in an environment for a long period of time.

Active Directory is central for many companies and used to authorize access at almost every level. Due to its popularity and importance, AD is a perfect target for 'bad actors.

Microsoft is updating Microsoft Defender for Identity to allow security operations teams to block attacks by locking a compromised user's Active Directory account. Microsoft Defender for Identity is a cloud security service that leverages on-premises Active Directory signals to detect and analyze advanced threats, compromised identities, and malicious insider activity targeting enrolled organizations.

Active Directory, a directory service developed by Microsoft for Windows domain networks, is most organizations' primary store for employee authentication and identity management, and controls which assets / applications / systems a user has access to. This makes Active Directory a valuable target for attackers and spur organizations to improve its security.

Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI. If you've begun deploying AlmaLinux into your data center or your cloud-hosted services, you might have a reason to join those servers to your existing Active Directory domain. To make this work, you'll need an instance of AlmaLinux, a running Active Directory Domain Controller, and a user with sudo privileges.

Because so many organizations rely on a hybrid cloud identity model that holds a central role for on-premises Active Directory, it's a natural conclusion to consider Active Directory be a part of cybersecurity plans. How do you go about convincing your boss about the need to protect Active Directory in the same way you do other parts of the environment? For starters, don't start talking technical.

Canonical has made it easy for admins to join Ubuntu Desktop to Active Directory domains. One particular feature that network and security admins will greatly appreciate is the ability to easily connect Ubuntu Desktop to an Active Directory domain.

Semperis announced the general availability of Directory Services Protector 3.5, which includes DSP Intelligence, a new module that provides automated security assessments of Microsoft Active Directory. DSP Intelligence proactively uncovers dangerous vulnerabilities that arise from external threat actors, systemic weaknesses in default identity and access settings, and even internal configuration drift that leads to security regression.