A joint Cybersecurity Advisory (CSA) was issued by the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) recently warning organizations about a Russian state-sponsored cyber-attack. The cyber actors ran arbitrary code using system privileges by exploiting a Windows Print Spooler vulnerability, “PrintNightmare.”

The widespread popularity of the containerized infrastructure backed by the advancement in technology, has made Linux the top priority as a host of the enterprise production environment. Red Hat Enterprise Linux default configuration settings which are more functionality-focused than being security-oriented, are often faced with the risk of infrastructure breaches.

Privileged account exploitation remains at the core of targeted cyber attacks. An insight into some of the most high-profile breaches reveals a highly predictable pattern. Attackers are capable of crashing through hijack credentials, network perimeter, and utilize the same for moving laterally across the entire network. They also undertake additional credentials and enhance privileges towards achieving their goals.

When the credentials are submitted for a user account logon request, audit events are generated by the operating system which is determined by the Audit Credential Validation. The events occur as follow: As in an enterprise environment, domain accounts are used more often than local accounts so most of the user logon requests are in the Domain Environment for which Domain Controllers have the authorization. So, the event volume is high on Domain Controllers and low on member servers and workstations.

UNC (Universal Naming Convention) identifies servers, printers, and other resources in the UNIX/Windows Community. The name of a computer is anteceded in a UNC path by double slashes or backslashes. Local disk or directories UNC paths are separated by a single slash or backslash.

Password storage and encryption are an essential part of your password policy. Reversible encryption is known for being vulnerable to attacks. Therefore, it is crucial to map its usage and try to avoid it as much as possible.

Netlogon Service is a Microsoft Windows Server process used to validate or authenticate users and devices in a domain. It is used to confirm the user’s identity on any particular network that the user is trying to access. Netlogon is a process, not an application, therefore it is continuously running in the background. It can be stopped either manually or by some runtime error.

CalCom has joined the Center for Internet Security Inc. (CIS®) as a CIS SecureSuite Product Vendor Member. Membership allows product vendors the right to integrate the CIS Benchmarks™ and the CIS Controls® content into their security product and service offering(s). CIS Benchmarks and the CIS Controls are globally recognized standard best practices for securing IT systems and data against the most pervasive cyber-attacks. “We see the collaboration with the CIS as only natural.

Keeping Active Directory secure is one of the most critical tasks for organizations’ information security. Keeping track of users’ activity is a fundamental part of AD security. But before jumping into purchasing shiny tools, there’s a lot you can do by simply changing and leveraging AD built-in audit capabilities.

2020-2021 were unusually rough in the information security field. The pandemic accelerated the pace of discovering new attack techniques and the attacker’s motivation was high due to the potential impact of each attack. In addition, work methodologies that have changed led to the exposure of new vulnerabilities and an increase in the organizational attack surface.