Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Active Directory (AD) is a critical component of many organizations’ IT infrastructure. It provides a centralized repository for user and computer accounts, as well as a variety of other services. As a result, AD is a common target for attackers and there has been no shortage of AD attacks in the headlines. In this blog post, we will dive into the depths of LLMNR and NBT-NS poisoning, understanding their mechanisms, implications, and ways to mitigate the risks they pose.

We’ve all heard the cliché, “Change is the only constant.” Sure, it’s been overused to a point where it may have lost its meaning, but that doesn’t change the fact that this statement is true—and it couldn’t be more apt when describing the global tech landscape.

Cybersecurity challenges continue to grow in impact and complexity, especially as they relate to government and Defence information. In response to increasing hacking and cyber attacks, the Department of Defense (DoD) has released the DFARS and CMMC information management and cybersecurity standards to reduce the risk of system compromises within government agencies and the defense industrial base (DIB) that supports them.

Digital transformation has changed the way people make purchases. The growth of ecommerce has led to credit cards becoming one of the most widely used payment methods, but mismanagement could jeopardize the integrity and security of company and customer data.

The attack surface is where you can understand what you have exposed and whether you should take action on it. Previously, users couldn’t see which assets were vulnerable from the Attack Surface view – it was only possible to view vulnerable assets from the Vulnerabilities page, which required more time. Viewing vulnerabilities on the Attack Surface page will help you better prioritize which assets you need to take action on.

On July 5th, 2023, Progress Software released a security advisory for a new critical SQL injection vulnerability, CVE-2023-36934, among two other high severity vulnerabilities impacting the MOVEit Transfer web application. These vulnerabilities were responsibly disclosed to Progress Software by researchers at HackerOne and Trend Micro’s Zero Day Initiative.

Deception technology is a cybersecurity strategy that utilizes decoys to gather information about current threats and attack methodologies used by cybercriminals. The premise of this approach is to offer some sort of bait in your network, such as a fake database that looks like a legitimate one, that attackers will find too enticing to pass up.

Sysmon is a component of Microsoft’s Sysinternals Suite, a comprehensive set of tools for monitoring, managing and troubleshooting Windows operating systems. Version 13 of Sysmon introduced monitoring for two advanced malware tactics: process hollowing and herpaderping. This article explains what these tactics are, why they are so dangerous and how you can now detect them using Sysmon.