IT security under attack: Why are group memberships so crucial?

Security groups either make or break your IT security. Group memberships are responsible for administrative access in your network and define access to other privileged resources and data on your domain. Ever wondered how a simple misconfiguration…

VMware Rolls a Fix for Formerly Critical Zero-Day Bug

VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.”

IT security under attack blog series: Instant domain persistence by registering a rogue domain controller

In this blog in the IT security under attack series, we will learn about an advanced Active Directory (AD) domain controller (DC) attack to obtain persistence in AD environments.
Dubbed DCShadow, this is a late-stage kill chain attack that …

Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.

APT Exploits Microsoft Zerologon Bug: Targets Japanese Companies

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.

Linux: Can unprivileged users tamper with processes running under their own identity?

Having the following pseudocode executed by a superuser, is it safe to assume that it is secure on Linux?
if fork() == 0:
    # drop privileges to an unprivileged user, let’s say "nobody"
    # perform various tasks, start other pr…