Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Vulnerability Scanning & Vulnerability Management is not Hardening

As a CISO or Security Manager, you understand your organization’s need to remain one step ahead of cybercriminals searching for gaps in your security posture. The market is flooded with solutions for dealing with vulnerabilities and the challenge continues to be understanding the ways to best prioritize and manage the vulnerabilities.

CVE-2021-42278 SAM & CVE-2021-42287 KDC vulnerability

Microsoft continues urging its customers to understand two core security vulnerabilities in the domain controllers of Active Directory. These vulnerabilities had been addressed by the company in November 2021. It was followed by a PoC or Proof of Concept tool on 12th December. The two vulnerabilities have been tracked as CVE-2021-42278 sAM (sAMAccountName spoofing ) and CVE-2021-42287 KDC.

RDS Clipboard Redirection: Should you allow it?

In this article we will provide basic information regarding the Clipboard Redirection setting, which enables the copy past function in remote desktop. Once you have decided the setting’s desired value, be sure and test it to fully understand what will be its impact on your production. This is critical since you don’t want it to result in damage to production. Configuring RDS Clipboard Redirection settings is a fundamental step in the hardening project.

How to mitigate PetitPotam NTLM Relay Attack

The latest Windows versions are compatible with NTLM and default NTLM implementation necessitates Active Directory. Microsoft has shared instructions on mitigating PetitPotam a type of NTLM relay attack that is used against Windows domain servers or controllers. Microsoft has referred to it as the ‘classic’ NTLM (ADV210003) relay attack allowing an attacker to take over domain controller or other Windows servers.

What is Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0)?

The DoD or Department of Defense of the United States of America implements the CMMC or Cybersecurity Maturity Model Certification to standardize or normalize the overall preparedness for cybersecurity across the DIB (Defense Industrial Base) of the federal government against evolving threats.

Russian Hackers Exploit MFA protocols and Print Spooler "PrintNightmare" vulnerability

A joint Cybersecurity Advisory (CSA) was issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) recently warning organizations about a Russian state-sponsored cyber-attack. The cyber actors ran arbitrary code using system privileges by exploiting a Windows Print Spooler vulnerability, “PrintNightmare.”

Supporting Red Hat Enterprise Linux 8 (RHEL 8) June 2022

The widespread popularity of the containerized infrastructure backed by the advancement in technology, has made Linux the top priority as a host of the enterprise production environment. Red Hat Enterprise Linux default configuration settings which are more functionality-focused than being security-oriented, are often faced with the risk of infrastructure breaches.

Kerberos Attacks - All You Need to Know

Privileged account exploitation remains at the core of targeted cyber attacks. An insight into some of the most high-profile breaches reveals a highly predictable pattern. Attackers are capable of crashing through hijack credentials, network perimeter, and utilize the same for moving laterally across the entire network. They also undertake additional credentials and enhance privileges towards achieving their goals.