Collaborate Disseminate
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
According to Microsoft, both unpatc… Continue reading Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems. Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remo… Continue reading Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS
The Cybersecurity Advisory of the National Security Agency (NSA) has recently uncovered a critical Windows CryptoAPI Spoofing Vulnerability in Windows 10 operating systems. Dubbed NSACrypt, the security flaw found in the Crypt32.dll module enables remo… Continue reading Microsoft Patch Tuesday busts ‘NSACrypt’ vulnerability in Windows OS
Request for Comments (RFC) 1823 from August 1995 introduced the Lightweight Directory Access Protocol (LDAP) Application Programming Interface (API). One could argue that this important work served as the foundation for modern identity management. And … Continue reading Toughen Up Your AD
In part 1 of this blog post, I talked about the threat that DCShadow poses to organizations that use Microsoft Active Directory (AD). Here in part 2, I’ll talk about steps you can take to protect your organization. (Quick recap: DCShadow is a fea… Continue reading Why Most Organizations Still Can’t Defend against DCShadow – Part 2
Update — With this month’s patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC).
A Google security res… Continue reading Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
Cybersecurity researchers have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining malware botnet, which now also includes a module to scan the Internet for Windows RDP servers vulnerable to the Bluekeep flaw.
BlueKeep is a highl… Continue reading Linux Botnet Adding BlueKeep-Flawed Windows RDP Servers to Its Target List
DCShadow is a readily available technique that allows an attacker to establish persistent privileged access in Active Directory (AD). Specifically, DCShadow allows an attacker with privileged access to create and edit arbitrary objects in AD without an… Continue reading Why Most Organizations Still Can’t Defend against DCShadow
Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity.
The July 2019 security updates include pat… Continue reading Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack
It’s been just over two years since WannaCry, the ransomware that exploited the EternalBlue vulnerability to infect hundreds of thousands of computers around the world and inflict an estimated $8B in damages. If history repeats itself, we’r… Continue reading NSA sounds the alarm on BlueKeep: Windows vulnerability opens the door for the next WannaCry