Personal info of “certain customers” was affected
Daily Archives: September 5, 2022
How Azure Active Directory opens new authentication risks
It’s been common knowledge for years that local Windows Active Directory networks are vulnerable to NTLM relay and pass-the-hash attacks that can allow attackers to move laterally through networks and access additional machines and resources. Since some of these attacks exploit design decisions in the authentication protocols used inside Windows networks, Microsoft cannot simply patch them with changes in software. Organizations need to take defense-in-depth measures that involve stricter configurations and additional controls to protect themselves.
With the adoption of hybrid networks, where parts of the networks are local and parts are in the cloud, enterprises now rely on services such as Azure Active Directory (Azure AD) to allow their various machines to authenticate to each other. But Azure AD is quite different from local AD, as it uses different protocols and has new features that expand the networking possibilities of organizations. However, according to presentations last month at the Black Hat USA security conference, it also offers new possibilities for attackers.
Top 12 managed detection and response solutions
Of all the foundational elements of information security, logging requires far more care and feeding than its fellow cornerstones such as encryption, authentication or permissions. Log data must be captured, correlated and analyzed to be of any use. Due to typical log volume, software tools to manage log events are a must-have for businesses of any size.
Traditionally, log events have been processed and handled using security information and event management (SIEM) tools. At a minimum, SIEM systems provide a central repository for log data and tools to analyze, monitor and alert on relevant events. SIEM tools (and data analysis capabilities) have evolved to include more sophisticated capabilities such as machine learning and the ability to ingest third-party threat data.
IRS Leaks 120,000 Taxpayers’ Personal Details
ZDI-22-1184: ManageEngine OpManager Plus getDNSResolveOption Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability.