Malicious Software and Its Types
This article explores various types of malware, detailing their characteristics, examples, and consequences in the cybersecurity landscape. It covers viruses, worms, trojans, spyware, rootkits, ransomware, and cryptojacking, highlighting both historical examples and mitigation strategies. Affected: malware, computer systems, data security

Keypoints:

Malware is software developed to harm computer systems, steal data, or gain unauthorized access.…
MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses
Summary: The MITRE ATT&CK Evaluations test cybersecurity firms against sophisticated cyber threats, focusing on improving defenses rather than merely grading software. In 2025, the evaluations will emphasize cloud-based attacks and response strategies, reflecting the evolving threat landscape. These assessments provide valuable insights for organizations to enhance their cybersecurity measures based on real-world attack simulations.…
CTI REPORT – LockBit 3.0
LockBit 3.0 ransomware primarily targets Windows systems, exploiting vulnerabilities in Active Directory and Microsoft Exchange Server. It employs various tactics for initial access, data encryption, and data exfiltration, threatening victims with public data leaks unless ransoms are paid. LockBit has been particularly active in sectors such as healthcare, finance, and critical infrastructure, leveraging advanced techniques to evade detection.…
Summary: A sophisticated cyber campaign has been identified utilizing the fasthttp library to conduct brute-force login attempts and spam multi-factor authentication (MFA) requests targeting Azure Active Directory environments. The campaign, which began showing signs on January 6, 2025, is primarily driven by malicious traffic from Brazil and aims to overwhelm security mechanisms to gain unauthorized access to user accounts.…
Mandatory MFA, Biometrics Make Headway in Middle East, Africa
Summary: National governments and companies in the Middle East and Africa are increasingly adopting digital identity systems to enhance security and reduce cybercrime. With millions enrolled in biometric-based identity platforms, these regions are leveraging technology to improve authentication processes. Despite the rising cyber risks, investment in identity and access management technologies remains low compared to other cybersecurity priorities.…

Summary: The video discusses the top six cybersecurity projects for beginners to enhance their resumes and improve their chances of getting hired in 2025. Each project aims to provide hands-on experience and build technical skills essential for cybersecurity roles.

Keypoints:

Project 1: Securing Azure Active Directory – Learn to manage identities and access in cloud and hybrid environments, including user/group management and Azure AD domain services.…
Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
Sophos X-Ops’ Managed Detection and Response (MDR) has reported on two active threat clusters, STAC5143 and STAC5777, utilizing Microsoft Office 365 to infiltrate organizations for data theft and ransomware deployment. The tactics include email-bombing, fake tech support, and exploiting remote control tools. Both clusters exhibit overlapping techniques with known threat groups like FIN7 and Storm-1811.…
If you think you blocked NTLMv1 in your org, think again
Silverfort has uncovered a significant misconfiguration in Active Directory Group Policy that allows NTLMv1 authentications to persist despite attempts to disable it. This flaw poses a security risk for organizations using on-prem applications, as attackers can exploit this vulnerability to gain unauthorized access. Affected: Active Directory, NTLMv1

Keypoints:

Silverfort’s research reveals a misconfiguration in Group Policy that allows NTLMv1 authentications to continue.…
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
Summary: Cybersecurity researchers have discovered that a misconfiguration in on-premise applications can bypass Microsoft’s Group Policy designed to disable NT LAN Manager (NTLM) v1 authentication. This vulnerability allows organizations to mistakenly believe they are protected against NTLMv1 attacks, while in reality, they remain exposed due to misconfigured settings.…
The Cyber Threat Responsible for the Biggest Breaches of 2024
Summary: Stolen credential-based attacks have surged, becoming the leading cyber threat in 2023/24, with a staggering 80% of web app attacks originating from this breach vector. Despite increased cybersecurity budgets, vulnerabilities remain due to inadequate MFA adoption and the rise of infostealer malware. This article explores the factors contributing to the rise in account compromises and offers recommendations for security teams to combat these threats.…
On January 14, 2025, Green Alliance Technology CERT reported that Microsoft released a security update addressing 159 vulnerabilities across various products, including Windows, Microsoft Office, and Azure. Among these, 12 critical vulnerabilities were identified, including remote code execution and privilege escalation flaws. Users are urged to apply the patches promptly to mitigate risks.…
Microsoft Patch Tuesday January 2025 Security Update Review (Qualys ThreatPROTECT)
January 2025 marks the release of Microsoft’s first Patch Tuesday, addressing 159 vulnerabilities, including 10 critical and 149 important. Among these, eight zero-day vulnerabilities have been patched, with three actively exploited. Key updates include fixes for various Microsoft products, notably in Windows and Microsoft Office. Affected: Microsoft Windows, Microsoft Office, .NET,…
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Keypoints:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Summary: Threat actors are exploiting the FastHTTP Go library to execute rapid brute-force password attacks against Microsoft 365 accounts, with a notable success rate. This campaign, identified by SpearTip, began on January 6, 2024, and primarily targets the Azure Active Directory Graph API.

Threat Actor: Unknown | Victim: Microsoft 365

Key Point:

Brute-force attacks have a 10% success rate for account takeovers.…
Hack The Box Escape
This article provides a detailed walkthrough of the “Escape” machine on Hack The Box, focusing on Active Directory enumeration techniques and exploitation methods. The author shares insights gained from the experience, including working with Kerberos, NTLM, and Certificate Authority. Affected: Hack The Box

Keypoints:

The box “Escape” is rated Medium and is the author’s first Active Directory machine.…
Telefonica Breach: Infostealer Malware Opens Door for Social Engineering Tactics
Telefonica has confirmed a significant data breach involving unauthorized access to its internal ticketing system, resulting in the extraction of sensitive employee and operational data. The breach was facilitated by infostealer malware and social engineering tactics, compromising over 15 employees and exposing 24,000 email addresses, 500,000 JIRA issues, and 5,000 internal documents.…
Unmasking Play Ransomware: Tactics, Techniques, and Mitigation Strategies
Summary: The Play ransomware, linked to the North Korean Andariel group, employs sophisticated techniques during the lateral movement phase of attacks, exploiting vulnerabilities and leveraging legitimate tools to infiltrate networks. Organizations are urged to enhance their security measures to combat these evolving threats.

Threat Actor: Andariel Group | Victim: Various Organizations

Key Point:

Play ransomware encrypts files and follows a double extortion model, stealing data before encryption.…
Hands-On Walkthrough: Microsegmentation for All Users, Workloads and Devices by Elisity
Summary: Elisity offers an innovative identity-based microsegmentation solution that addresses the challenges of traditional segmentation methods, particularly in healthcare and manufacturing sectors. By leveraging existing network infrastructure, it simplifies policy management and enhances security without requiring extensive hardware investments.

Threat Actor: Cybercriminals | Victim: Healthcare Organizations

Key Point:

Elisity’s Virtual Edge allows for microsegmentation without new hardware, using lightweight virtual connectors.…