Active Directory
Why ransomware attackers target Active Directory
Ransomware attacks have surged 78% year-over-year, affecting various sectors and organizations and significantly impacting supply chains. In this Help, Net Security video, …
Active Directory outages can cost organizations $100,000 per day
Nearly every organization has core systems services tied to Active Directory that will go down during an outage, according to Cayosoft. Consequences of system downtime for …
SOAPHound: Open-source tool to collect Active Directory data via ADWS
SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound …
Adalanche: Open-source Active Directory ACL visualizer, explorer
Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool for visualizing and …
GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: …
Ransomware dwell time hits new low
Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks …
Open-source penetration testing tool BloodHound CE released
SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory …
Why organizations should control Active Directory permissions
In this Help Net Security video, Matthew Vinton, Strategic Systems Consultant at Quest Software, illustrates the importance of regularly analyzing, controlling and adapting …
36% of orgs expose insecure FTP protocol to the internet, and some still use Telnet
A significant percentage of organizations expose insecure or highly sensitive protocols, including SMB, SSH, and Telnet, to the public internet, the ExtraHop Benchmarking …
Review: Enzoic for Active Directory
Data breaches now happen so often that we don’t even pause when reading yet another headline notifying us of the latest one. We react only if the breach happened to a service …
Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …
Good end user passwords begin with a well-enforced password policy
In this interview with Help Net Security, Lori Österholm, CTO at Specops Software, explains what makes passwords vulnerable and suggests some password best practices and …
Featured news
Sponsored
Don't miss
- Tech stack uniformity has become a systemic vulnerability
- How human-led threat hunting complements automation in detecting cyber threats
- 33 open-source cybersecurity solutions you didn’t know you needed
- Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
- AI cybersecurity needs to be as multi-layered as the system it’s protecting