Things are not always what they seem, says incident response expert Joseph Carson, pointing to a case involving ransomware that infected a company in Ukraine, but for which there was no external attack path. Ultimately, his investigation found that ransomware had been used to hide internal fraud.
U.K’s Prudential Regulation Authority (PRA) has identified cyber security as a top risk for banking institutions, in addition, a new Bank of England survey shows that nearly three quarters of respondents were worried about cybersecurity, with 59% naming cyber-attacks in the top 5 biggest risks to the UK’s...
Microsoft is urging customers to apply patches issued in November for two Active Directory domain controller bugs following publication of a proof-of-concept tool that leverages these bugs, which when chained can allow easy Windows domain takeover.
Join this on demand session to learn how attackers are leveraging credentials, Active Directory, and the vast over provisioning of entitlements to successfully conduct some of the most damaging attacks that we have ever seen.
Join this webinar to hear Steve Hunt, a senior cybersecurity analyst at Aite Group, outline why attackers have been successful, decisions that have created weaknesses, and why common security efforts have been insufficient in preventing attacks using advanced techniques.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why enterprises need a multilayered approach to securing identity, how fraud will evolve in 2022 and the need to secure backdoors to prevent ransomware attacks.
Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory. The issue was reported to Microsoft in June by SecureWorks' Counter Threat Unit.
The Russia-linked cyberespionage group Nobelium, which was responsible for the SolarWinds supply chain attack, has developed and deployed a new malware, dubbed FoggyWeb, according to a Microsoft Threat Intelligence Center security blog. Microsoft says FoggyWeb creates a backdoor to exfiltrate data.
A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.
Threat actors are focusing a lot on Active Directory today as it is a path for them to reach an organisations key data & applications. The versatility of Active Directory makes it a crucial target for hackers. Organisations learn new ways on how to protect this valuable target and mitigate the risks. Organisations...
The U.S. Cybersecurity and Infrastructure Security Agency warns that hackers are increasingly targeting cloud services by waging phishing schemes and brute-force attacks. CISA recommends a number of defenses, including regularly reviewing Active Directory sign-in logs and enforcing multifactor authentication.
Nestled deep in most networks is such a popular destination for attackers that network security, endpoint security, and cloud security vendors make it their prime directive to catch bad activities before attackers reach this enticing target. The place all attacks seem to be worming their way toward is Active...
Protecting Active Directory has become increasingly complex with pervasive access and a multitude of objects with varying levels of privilege and domain control. Monitoring and keeping this environment secure has become a significant challenge and comes with dire consequences when that control is lost to an attacker....
Microsoft removed 18 apps from its Azure cloud platform that were being used by hackers as part of their command-and-control infrastructure. The threat group, called Gadolinium, was abusing the infrastructure to launch phishing email attacks, Microsoft researchers say.
Hackers compromised the network of Saudi Arabia's Virgin Mobile KSA, gained email system access and offered stolen data for sale on the dark web. According to a source with knowledge of the attack, the incident - remediated late last week - is one of a string of attacks against organizations in the Middle East.