What’s up with attacks on identity systems? New guidance for vulnerabilities that could allow attackers to take over #Windows domains, the weaponization of the #Log4J vulnerability by #Conti group, and new activity from the Cuba #ransomware group:
Semperis
2,500 posts
Semperis
@SemperisTech
The Leader in AI-Powered Identity Security and Cyber Resilience for Hybrid Environments.
- #Cyberattackers are always devising new ways to compromise #ActiveDirectory. In this post, Semperis Researcher Yuval Gordon explores a little-known DACL tactic that attackers can use to hide membership from a group and possibly evade detection.
- Is your hybrid identity environment vulnerable to a #cyberattack? On-premises #ActiveDirectory and #AzureAD are unique—but they’re not separate. Find out how Semperis DSP helps protect your hybrid #identity system: semperis.com/solutions/secu…
00:00 - New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇 semperis.com/blog/new-attac…
- With the transition to hybrid #identity environments, organizations must defend against a rise in attacks that enter companies through on-premises #AD, then move to the cloud. DSP 3.6 aims to help detect and remediate security risks, reports @SCMagazine. bit.ly/2ZJpDh3
- #AzureAD admins, beware: #Cyberattackers can use SMTP matching to obtain privileged access via eligible role assignments. In this post by @SemperisTech Security Researchers Sapir Federovsky and Tomer Nahum, learn how- and how to stop them.
- What’s new in the #identity threat landscape? An attack on US broadcast company Sinclair, Microsoft’s warnings about delegating privileges to service providers, a second BlackMatter attack on Olympus, and more. Check out the October Identity Attack Watch:semperis.com/blog/identity-…
- Research from Enterprise Management Associates (EMA) and Semperis finds that unknown vulnerabilities top the list of #ActiveDirectory security concerns of IT security practitioners. Read more here: bit.ly/3r9plLP 📥 Download the report now at semperis.com/resources/unkn….
- Semperis’ #Hacker in Residence, @Sidragon1, joined @JillAitoro to discuss the reality breached companies face as they “have to go look in the mirror and ask, 'why didn’t we see it? We have multi-billion dollar systems in place that should detect this,' ” bit.ly/3pNiBQ7
- Privilege escalation is a prime tool for attackers to infiltrate your #ActiveDirectory--and from there, anything they want. Learn more about a vulnerability that can enable #cyberattackers to target AD Certificate Services and take over your domain.
- You're familiar with the Golden Ticket attack, but what about the Diamond Ticket? Semperis Security Researcher @exploitph and @TrustedSec's @4ndr3w6S reveal the result of research into this potential #securityvulnerability: lnkd.in/gNYf2Gxz.
- Although the threat landscape is continually expanding, organizations can improve their security posture by addressing the identity-related vulnerabilities covered in the #ActiveDirectory Security Halftime Report. 📥 Download the report for free at bit.ly/halftime-repor….
- Expert speakers from @HIPConf look back at 2020 and what they're focusing on in the year ahead as they work to solve complex #IdentitySecurity & access challenges: bit.ly/2WGlHsK Featuring: @ber_mic, @a_greenberg, @Sidragon1, @wimvdheijkant, @grouppolicyguy, @shorinsean
- How secure is your #ActiveDirectory environment? Find out with #PurpleKnight, a free #security assessment tool that uncovers dangerous misconfigurations attackers can use to steal data and launch #malware campaigns. bit.ly/2Ov4Fxr
