Active Directory Fundamentals

Active Directory objects: All you need to know

April 9, 2021
What you’ll learn: Active Directory (AD) is a directory service introduced by Microsoft as a centralized network resource management system. This network is comprised of entities that represent real users or network resources, and the entities are called Active Directory objects. AD objects can be of several types based on what they represent and their function. In this article, we shall…
Read more
Recent AD News

2020 recorded the highest number of CVE’s to ever be reported

April 9, 2021
In an analysis carried out by the National Institute of Standards and Technology (NIST) on common vulnerabilities and exposures, it has been found that 2020 holds the record for the highest reports of security loopholes than any other year to date. The report shows that, in the year 2020 alone, as much as 18,103 vulnerabilities were reported with almost 10,342 of them classified as high or…
Read more
Recent AD News

Microsoft announces Azure Best Practices and Launches Conditional Access Enhancements

April 9, 2021
Joy Chik, corporate vice president for Microsoft Identity, recently laid out a general overview of Azure AD security best practice. This announcement comes in the light of improvements that were recently announced to Azure Active Directory including conditional access policy management enhancements and synchronization service additions. Microsoft has suggested that companies using Azure AD…
Read more
Recent AD News

Accellion Zero-Days Responsible for Recent Data Theft and Extortion Attacks

April 9, 2021
A recent string of attacks consisting of data threats and extortion have been linked to the the Accellion File Transfer Appliance’s CVE’s. Cybersecurity researchers said that a cybercrime group called UNC2546 was responsible for the two month long attack The crime group exploited multiple zero-day vulnerabilities in the legacy FTA software to install a new web shell named DEWMODE on victim…
Read more
Recent AD News

SolarWinds Puts the Blame on their Intern for the Supply Chain Attack

April 9, 2021
As cyber-researchers look into the Solarigate supply chain attack and measure it’s true impact, the company blamed one of its intern for a critical password lapse that went unnoticed for several years. The password is said to have been “solarwinds123” and is believed to have been publicly accessible via a GitHub repository since June 17, 2018, before the issue was rectified on November…
Read more
Recent AD News

Ransomware attack costs Universal Health Services $67 Million

April 9, 2021
Universal Health Services (UHS) in its recent earnings report revealed that a ransomware attack last fall, left them with a whopping pre-tax loss of $67 million. In the report, UHS referred to the cyberattack as an “information technology security incident” and said that the incident forced them to suspend user access to several technology applications in the US during the…
Read more
Recent AD News

National Security Agency asks organizations to embrace the Zero-Trust security model

April 9, 2021
The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a set of IT system design principles and a cybersecurity strategy based on the fact that threats exist both inside and outside traditional…
Read more
Recent AD News

Microsoft 365 update ensures connectivity even during uncertain internet access conditions

April 9, 2021
Microsoft 365 users can breathe a sigh of relief as the company is updating its policy regarding offline access of applications. The previous policy stated that the devices must connect to the internet at least once every 30 days to ensure that all apps are up to date. Now, the time-frame has been extended to 180 days, and this will help remote users and other workers who may be working for long…
Read more
Recent AD News

IBM patches critical flaw that could allow remote attackers to execute code

April 9, 2021
IBM patched a critical buffer-flow error that affected its Integration Designer toolset. The error has the potential of being exploited to enable the execution of remote codes. The flaw (CVE-2020-27221) was critical in severity as it has a CVSS base score of 9.8 out of 10. The critical flaw originated from an issue in versions 7 and 8 of Java Runtime Environment (JRE), which is a software layer…
Read more
Recent AD News

Clubhouse audio data breached after third-party developer creates Android app

April 9, 2021
Clubhouse, the iOS-only audio-based social app that has been on the news for quite a while, is trending now for not-so-great reasons. A third-party developer from mainland China designed an open-source app for Android that allowed users to access the audio platform’s service. The developer posted the source code on Github and said that the app allowed anyone to access personal audio sessions…
Read more