Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Interactive logon refers to users authenticating directly to a Windows system through its interface, such as a GUI or command line. Because these logons grant immediate access to a live session, misconfigured interactive logon policies can expose systems to credential theft and unauthorized access. This guide explains which interactive logon settings matter, where risks commonly appear, and how to harden them effectively.

Creating a safe and secure environment is a top priority for all types of organizations. To accomplish this goal, it is essential to adhere to group policy best practices, particularly in the realm of GPO security. By configuring fundamental Group Policy Settings correctly, organizations can significantly enhance their security posture. When Group Policies are utilized effectively, they play a crucial role in safeguarding users’ computers from various threats and potential breaches.

Continuous Threat Exposure Management (CTEM) is a proactive cybersecurity framework that continuously reduces your attack surface in response to emerging threats.

NTLM Relay attacks should be history. Yet in 2025, they remain one of the most effective ways to compromise Active Directory. We first covered this problem back in 2020, when we wrote about a troubling vulnerability that refused to die: NTLM Relay attacks. At the time, many believed NTLM Relay attacks were a relic of the past, an old problem long solved by Kerberos and modern authentication protocols.

CISA has just added a new CVE regarding SMB, with a very high CVSS rating. CVE-2025-33073 is a high-severity (CVSS 8.8) vulnerability in the Windows SMB client caused by improper access control (CWE-284). An authenticated attacker can exploit it over the network to gain elevated privileges. Microsoft has issued guidance on how it should be patched and CalCom recommend this be done immediately.

Local Oracle Linux installations do not support CIS Oracle Linux benchmarks or hardened images. When you implement CIS Benchmarks on an Oracle server, you are on your own. We wrote this post to help you.

On September 9, 2025, Microsoft released details of CVE-2025-55234, a critical vulnerability in the Windows Server Message Block (SMB) protocol. With a CVSS v3 score of 8.8, it’s classified as High severity and poses a serious elevation-of-privilege (EoP) risk. An attacker exploiting this flaw could launch a relay attack, allowing them to gain the privileges of a legitimate user without elevated permissions or insider access.

Server hardening’s core principle is, “unnecessary functionality compromises security.” Adopting Linux should greatly simplify the process. No matter which flavor of Linux you choose to run, hardening your servers should be the same process; once you know one, you know them all. When it comes to Oracle Linux Server Hardening, what works for Red Hat or CentOS should continue to work. In theory, yes, but in practice, there are significant differences that could make or break your project.

The Federal Financial Institutions Examination Council (FFIEC) retired its Cybersecurity Assessment Tool (CAT) on August 31, 2025. This self-assessment resource, used by financial institutions to gauge cybersecurity risk and readiness, won’t be updated going forward. The FFIEC launched CAT in 2015 to help organizations measure their exposure to risk and assess their cyber preparedness.

The National Credit Union Administration (NCUA) was created to insure and regulate the industry. Under the Federal Code of Regulations, Part 748, each federally insured credit union is required to develop a security program within 90 days of the effective date of insurance. To ensure that credit unions comply with federal cybersecurity requirements, the NCUA collaborates with the Federal Financial Institutions Examination Council (FFIEC) to set examination standards.