Security News

Week in review: Active Directory security, Dnsmasq vulnerabilities, how to select a fraud detection solution
2021-01-24 09:00

Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoningSeven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. Vulnerability management isn't working for cloud security: Here's how to do it rightThree things in life are seemingly guaranteed: death, taxes and high-profile cloud security breaches.

Rethinking Active Directory security
2021-01-19 06:00

In the wake of a cyberattack, Active Directory is sometimes dismissed as just another service that needs to be recovered, and security is an afterthought. Since Active Directory is used as a source from which to sync to other identity stores, any tampering with Active Directory can cause a devastating ripple effect across your identity infrastructure.

Quick Guide — How to Troubleshoot Active Directory Account Lockouts
2020-11-30 04:52

Active Directory account lockouts can be hugely problematic for organizations. The Windows operating system is somewhat limited in its ability to troubleshoot account lockouts, but there are some things that you can do.

How to Prevent Pwned and Reused Passwords in Your Active Directory
2020-11-02 06:35

In a password spraying attack, cybercriminals will often use databases of breached passwords, a.k.a pwned passwords, to effectively try these passwords against user accounts in your environment. Often passwords exposed in other breaches will be passwords that other users are using in totally different environments.

Jumio’s AI-powered identity verification solutions now available for Microsoft Azure Active Directory B2C
2020-09-24 00:00

Jumio announced that its AI-powered identity verification solutions are now available to Microsoft Azure Active Directory External Identities for B2C customers. Azure Active Directory B2C is a customer identity access management solution.

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
2020-09-11 20:28

Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims' Office 365 credentials - in real time - as they enter them into the landing page. Office 365 requires app registrations to use APIs - but registrations require only an email address, making them seamless for attackers to leverage.

Securing Active Directory accounts against password-based attacks
2020-09-08 05:00

In the meantime, most of us need something to prevent our worst instincts when it comes to choosing passwords: using personal information, predictable keystroke patterns, password variations, well-known substitutions, single words from a dictionary and - above all - reusing the same password for many different private and enterprise accounts. The thing is, most older password policy tools don't provide a method to check if a password is strong and not compromised once the password is chosen/set.

Week in review: ERP security, early warning of ransomware, Active Directory disaster recovery
2020-08-30 07:16

ERP security: Dispelling common misconceptionsThe various applications integrated in ERP systems collect, store, manage, and interpret sensitive data from the many business activities, which allows organizations to improve their efficiency in the long run. Needless to say, the security of such a crucial system and all the data it stores should be paramount for every organization.

Most organizations have no Active Directory cyber disaster recovery plan
2020-08-26 03:30

Although 97% of organizations said that Active Directory is mission-critical, more than half never actually tested their AD cyber disaster recovery process or do not have a plan in place at all, a Semperis survey of over 350 identity-centric security leaders reveals. Exactly 33% of organizations said they have an AD cyber disaster recovery plan but never tested it, while 21% have no plan in place at all.

IDology integrates its ExpectID solution with the Microsoft Azure Active Directory External Identities
2020-07-03 00:00

IDology, a GBG company, announced a partnership with Microsoft to integrate its innovative ExpectID identity verification and anti-fraud solution with the Microsoft Azure Active Directory External Identities. ExpectID is now available to Azure Active Directory customers for easy, plug-and-play access to multi-layered global identity verification as a service that elevates trust, facilitates onboarding, increases business identity assurance and shuts down fraud.