Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the wake of escalating cyber-attacks and data breaches, the ubiquitous advice of “don’t share your password” is no longer enough. Passwords remain the primary keys to our most important digital assets, so following password security best practices is more critical than ever. Whether you’re securing email, networks, or individual user accounts, following password best practices can help protect your sensitive information from cyber threats.

Compromising privileged accounts is the penultimate objective of most cyberattacks — once attackers gain privileged access, they can then accomplish their final goal, whether that’s to steal or encrypt information assets or disrupt business operations. Typically, cybercriminals gain a foothold in a network by compromising of a low-level account on a local machine.

The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, processed and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving personally identifiable information (PII).

The Windows registry is a database that contains important information about your computer — users, preferences, applications, attached devices and much more. The Windows operating system constantly refers to the registry; for example, to open a program, install new software or change your hardware, Windows must check the values of certain registry keys.

Local WMI querying is straightforward to implement and troubleshoot — but remote WMI querying is another story. Indeed, setting up secure remote WMI querying for a user with no admin rights is a daunting task. This blog can help. I’ll walk you through the steps I used to enable a standard domain user to query the Microsoft SQL Server WMI namespace class on a Windows Server 2012 R2 running Microsoft SQL Server 2016.

Mimikatz is a popular post-exploitation tool that hackers use for lateral movement and privilege escalation. While Mimikatz is quite powerful, it does have some important limitations: As a result, other toolkits have been created to complement Mimikatz. This article explains how three of them — Empire, DeathStar and CrackMapExec — make attacks easier for adversaries.

Imagine being named XYZ in a crowd of other XYZs – a purposeless name that creates confusion and does not communicate a purpose, adding to the cognitive pile of everyone’s day-to-day tasks. Similarly, Active Directory groups created by users need to have logical names so that current and future users do not find themselves stuck in a pickle.

IT risk assessments are vital for cybersecurity and information security risk management in every organization today. By identifying threats to your IT systems, data and other resources and understanding their potential business impacts, you can prioritize your mitigation efforts to avoid costly business disruptions, data breaches, compliance penalties and other damage.

Even if you have implemented a Zero Trust security paradigm for network and infrastructure security, you need to plan for the inevitable — at some point, an attacker will get into your network with the intent to deploy ransomware or cause other damage A typical attack goes something like this: There is a misconception that lateral movement threats are limited to on-prem networks.

There is an old saying: “One person’s tool is another person’s weapon.” That is certainly true of Windows PowerShell. Included with every Windows operating system today, this powerful command-line shell and scripting language is used by IT professionals for system administration, remote management, cybersecurity, software development and more.