Cybersecurity Science Project or Immediate Value: Which Do You Prefer?

Posted by Jeff Baker on Feb 14, 2019 2:40:04 PM

A C-suite IT executive recently told us about a nightmare cybersecurity implementation: after extensive network surgery and a seven-figure investment, the platform still wasn’t stood up three years later. This type of story is all too common, and among the many consequences, organizations can find themselves unprotected from common attacks (particularly credential compromise and stealthy admins) despite spending millions on point solutions. In a competitive infosecurity market, vendors are promising the world, yet project implementations can be plagued by delays and uncertainty, and sunk costs can mean security and IT teams’ hands are tied.

Topics: Information Security

New Microsoft Exchange Vulnerability Exposes Domain Admin Privileges: Here’s What to Do

Posted by Yaron Zinar on Feb 4, 2019 11:41:13 AM

Last week, the CERT Coordination Center (CERT/CC) issued a vulnerability note warning that Microsoft Exchange 2013 and newer versions are vulnerable to an NTLM relay attack that allows attackers to gain domain admin privileges. Organizations that rely on Microsoft Exchange are currently at risk of a serious data breach. This attack is particularly concerning given that it obtains privileges to the domain controller, which is essentially the “keys to the kingdom.” We’ve simplified some of the specifics of this attack for the purposes of this blog, but for a full technical breakdown, please see research from Dirk-jan Mollema.

Topics: Microsoft, NTLM

The Emergence of Identity and Access Threat Prevention, as explained by 451 Research

Posted by Matt Culbertson on Feb 1, 2019 1:57:37 PM

Enterprises continue to embrace cloud-based architectures, and cloud services are a significant contributor to a forecasted $3.8 trillion in IT spending this year. But increasingly, organizations are finding the one-size-fits-all cloud approach to be obsolete. For many workloads and services, firms are surprisingly moving assets back to on-prem and hybrid environments to address unique challenges like network complexity and a chronic shortage of security staff.

Topics: Identity

Three Ways to Limit the Cybersecurity Impact of the Government Shutdown

Posted by Monnia Deng on Jan 25, 2019 10:25:25 AM

UPDATE (Jan. 25): Recent news reports state a deal has been reached to re-open the federal government through Feb 15. The issues outlined in this blog continue to apply to public and private sector organizations.

As many of you may have read in the news recently, the government shutdown has had a negative impact on both federal and enterprise security. Krebs on Security has reported possible consequences of the government shutdown on the talent pool, such as federal employees actively being recruited by the private sector, as well as delays on security clearances. Duo Security’s news arm, Decipher, has also done a great job laying out potential government shutdown impacts on enterprise security, including delays on NIST guidelines and standards, and closure of FIPS validation sites.

Topics: Hacking, Credential Compromise, Risk

With ⅓ of Enterprises Suffering from Weak or Exposed Passwords, Is Hollywood Part of the Problem?

Posted by Matt Culbertson on Jan 18, 2019 1:38:10 PM

What password would you use for a bank account soon to be worth $120 million?

Topics: Passwords, Credential Compromise

Making Privileged Access Management Complete: Find the JIM to your PAM

Posted by Monnia Deng on Jan 10, 2019 1:50:15 PM

You read that right. In a shameless reference to The Office, I want to be the JIM to your PAM. Jim and Pam’s relationship was undeniable from the start: both of them had a mutual understanding and fit. While they constantly denied their relationship, it was evident that being together made them stronger and better.

Topics: Privileged Accounts, Privileged Users

Catching Bloodhound Before it Bites

Posted by Nir Yosha on Jan 3, 2019 9:29:32 AM

BloodHound is a public and freely available tool that uses graph theory to automate much of the confusion behind understanding relationships in an Active Directory (AD) environment. It allows hackers and pentesters to know precisely three things: which computers give admin rights to any user, which users effectively have admin rights to any computer, and effective group membership information (see Image 1). Because BloodHound can be used maliciously, organizations need to better understand how it is being used, how to protect privileged users, and how to prevent attacks.

Topics: Adaptive Threat Prevention, Attack Tools, Threat Detection

Happy Holidays! Here’s your Business Email Compromise (BEC) gift card scam

Posted by Monnia Deng on Dec 24, 2018 9:21:00 AM

Deck the hall with sad employees, Fa, la, la, la, la, la, la, la, la! 

'Tis the season to be swindled, Fa, la, la, la, la, la, la, la, la!

Topics: User Behavior, Threat Mitigation

Enterprises continue to suffer from poor password hygiene and a lack of visibility & control over privileged users

Posted by Yaron Zinar on Dec 19, 2018 6:08:06 AM

It has been more than a year since I last shared Preempt Inspector statistics. Last time we shared Preempt Inspector statistics we found some alarming numbers. With the end of 2018 approaching, I would like to share with you key findings from Preempt Inspector [a free security tool available to download here] to help you focus on the most important security issues you might be facing.

Topics: Stealthy Admin, Passwords, Privileged Users, Insider Threats

Is Your Organization at Risk Because a Local Administrator Has a Weak Password?

Posted by Marina Simakov on Dec 18, 2018 7:32:55 AM

In July, media reported that SingHealth, Singapore’s largest health organization, was breached with 1.5 million medical records stolen. The stolen records included those of Singapore’s prime minister Lee Hsien Loong. Consequently, a special inquiry took place, revealing that SingHealth had several security gaps and vulnerabilities that could easily have been exploited by attackers, including a local administrator account with a very weak password (P@ssw0rd). In fact, one of the ways the attackers were able to move laterally in the network was by using compromised Citrix local accounts.

Topics: Stealthy Admin, Passwords