RID hijacking is a persistence technique used by adversaries who have compromised a Windows machine. In a nutshell, attackers use the RID (relative identifier) of the local Administrator account to grant admin privileges to the Guest account (or another local account). That way, they can take actions using the Guest account, which is normally not under the same level of surveillance as the Administrator account, to expand their attack while remaining undetected.

Imagine clicking on a seemingly harmless link and unknowingly giving away your personal and financial information to cybercriminals. Sounds like a nightmare, right? This nightmare became a reality for thousands of people in Australia and New Zealand when Latitude Financial Services suffered a massive data breach in March of 2023. Let’s take a look at the implications of the Latitude data breach and what you can do to protect yourself from falling victim to a similar attack.

Threat detection and mitigation is one of the core responsibilities of a SOC. With cyberattacks becoming more sophisticated, it has become arduous for security analysts to secure their network from threats. Hybrid work and BYOD policies are making it more difficult for SOCs to keep track of network activities. Attackers continue to improvise new tactics and techniques to compromise an organization’s network.

The spread of the remote workforce and the growth of digital transformation has exponentiated the number of login-based attack vectors. While multi-factor authentication (MFA) generally protects against common methods of gaining unauthorized account access, not all multi-factor authentication methods can defend against sophisticated attacks. To achieve full zero-trust access, MFA is being replaced by phishing-resistant MFA and the standards that define it.

Digital transformation has reached all sectors, including non-governmental organizations (NGOs). These organizations have now become more dependent on technology to improve their ability to deliver and scale programs, engage with beneficiaries, and ensure an agile response to populations in need. Although this transformation delivers many benefits for NGOs, it has made them a viable and attractive target for cybercriminals.

NextGen Healthcare is an Atlanta-based healthcare services company that helps hospitals and health practices manage health record data electronically. The company was founded in 1973 and manages data for millions of different patients throughout the United States. With so many patients relying on the same service, this company is a huge security vulnerability since it suffered from a major data breach.

Major data breaches seem to be occurring more and more frequently, and we have some huge names on the list of impacted companies this week, including the US Government, Toyota, and Intel. We were also concerned with services in our hospitals and our schools being breached, giving up patient, student, and teacher data in the process through the breach of companies like SchoolDude and NextGen Healthcare.

Teleport Team is the latest SaaS offering from Teleport. Teleport Team is designed to secure your infrastructure with safe, short-lived, and secretless access. It's an ideal solution for startups, rapidly expanding businesses, or even hobbyists who want to fortify their infrastructure without the hassle of deploying, updating, or maintaining a Teleport Cluster. Starting at just $15 per monthly active user with 50 included protected resources.