Today, many organizations have a security awareness program of some kind. Whether it’s annual compliance training or the orientation video warning new employees about phishing, it’s almost a standard now among industries. However, security awareness programs vary in frequency, details, and execution. And it’s that variability which, unfortunately, can become a vulnerability. Employees and users are the first line of defense against a cyberattack.

In the introductory post of this series, we reviewed what an Active Directory (AD) service account is, explained why these privileged accounts are a serious security risk, and promised to detail 4 types of attacks on service accounts in future posts. This post explores the first of those attacks: LDAP reconnaissance, which attackers can use to discover service accounts in an IT environment while avoiding detection.

In the first post of these series we showed how an adversary can discover Active Directory service accounts with PowerShell, and the second post demonstrated how to crack their passwords using the Kerberoasting technique. Now let’s see how an attacker can exploit a compromised service account using Kerberos Silver Tickets to forge TGS tickets.

The increasing popularity of online payment systems results from the world’s gradual transition to a cashless and contactless digital economy — an economy, projected in a recent Huawei white paper, to be worth $23 trillion by 2025.

In recent years there has been a growing trend for cybercriminals to target human resources departments in order to exploit the sensitive data they handle. Hackers can do a lot of damage, and make a lot of money, once they gain access to Social Security information, dates of birth, work history or employee and company bank account numbers.

With the alarming increase in cyberattacks across the globe, it is becoming evident that no organization is immune to cyberthreats. As a result, there is a question pending in the minds of IT security leaders: What happens to their organization in case of a cyberattack?

CI/CD is a recommended technique for DevOps teams and a best practice in agile methodology. CI/CD is a method for consistently delivering apps to clients by automating the app development phases. Continuous integration, continuous delivery, and continuous deployment are the key concepts. CI/CD adds continuous automation and monitoring throughout the whole application lifetime, from the integration and testing phases to delivery and deployment.

In a new 12-minute video Rakesh Shah AVP Product Management and Development of AT&T Cybersecurity, explains Extended Detection and Response (XDR). This video was part of the virtual Black Hat USA event in August. It’s not product-specific and explains what can be a very confusing concept in a delightfully simple way.

One commonly used feature with Tines is the ability to configure your Actions to run on a schedule (docs). For example, an HTTP Request Action that runs every minute, once a day, or every few hours. Our customers rely heavily on this feature in carrying out their mission-critical workflows. In this post, we examine how our old job scheduler system worked, a very interesting race condition, and why we replaced our old scheduler with something more reliable to meet our delivery guarantees.