Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your password manager protects your digital life. Passwords. Credit cards. Your most important documents. By its nature, the password manager is personal.

Learning how attackers target weak domain account passwords is not enough for Active Directory security. Let’s look beyond domain accounts and understand the ways adversaries attack local accounts on Windows servers and desktops. For this post, we will focus on the most important local account: Administrator.

In the early days of internet security, an access-centric security model made sense. Access lists on routers were complemented by firewalls and, later, intrusion detection systems. Given the processing capacity available at the time, this was absolutely adequate and appropriate for protecting a website, even with e-commerce. But that was the 1990s, and the internet has become so much more than websites with some shopping capabilities. Now, it’s the backbone of our society.

On Tuesday, October 25th 2022, VMware disclosed a critical remote code execution vulnerability (CVE-2021-39144, CVSS 9.8) in VMware Cloud Foundation NSX-V versions 3.x and older. A threat actor could perform remote code execution in the context of ‘root’ on the appliance due to an unauthenticated endpoint that leverages XStream for input serialization.

Today’s reality is that you’ll never be 100% secure. Remote work and digital transformation add more access points, devices, and applications than ever before. At the same time, your team is constantly responding to alerts that could be an incident. Although, most often, it’s not. Basically, you need to reduce the mean time to investigate (MTTI) and the mean time to respond (MTTR).

Testing code is the first step to making it secure. One of the best ways to do this is to use unit tests, ensuring that each of the smaller functions within an app behave as they should — especially when the app receives edge-case or invalid inputs, or inputs that are potentially harmful.

The trouble with allowing developers to deploy code directly to production is that security threats are often overlooked in the process. These vulnerabilities only show up later during runtime. Once this happens, it falls on the shoulders of the Ops team or SREs to engage in firefighting.

A weak password can easily become compromised by a cyberattacker, but employing multi-factor authentication (MFA) can stop a cyberattacker in their tracks. MFA is recommended as a best practice by the US National Institute of Standards and Technology (NIST) to reduce risk. Learn more about MFA and how it can protect your company from cyberattacks.

The U.S. Transportation Security Administration (TSA) recently issued new cybersecurity regulations for passenger and freight railroad carriers to enhance cybersecurity resilience with performance-based measures. This security directive includes a new requirement for railroad carriers to build continuous monitoring policies and procedures. This is the latest of several recent initiatives on the U.S. state and federal levels requiring continuous monitoring of cyber risk.

Cybersecurity is an issue that’s becoming more and more difficult for SMBs to manage on their own. As a result, MSPs are on the rise. Data from Canalys indicates that the cybersecurity managed services business grew by 18% in 2021, driven by the combination of the increasing sophistication of cyber threats and the shortage of dedicated cybersecurity personnel, which makes the situation unscalable for SMBs and midsize companies who often hire an external MSP to help solve these issues.