incident-response Archives - Windows Active Directory

Incident Response Playbooks Security Operations for Identity

Use Protected Groups for critical OU containment

October 24, 2025

Using Protected Groups for critical OU containment “OU containment” is supposed to be your safety boundary: admins can manage what’s inside an OU, but they can’t casually reach outside it. In real Active Directory environments, that boundary often fails in subtle ways—mostly because of privileged group membership, inherited rights, and…

How to build a response playbook for AD compromise

August 22, 2025

Building a Response Playbook for Active Directory Compromise (Step-by-Step) Incident Response Active Directory Security Containment & Recovery When Active Directory (AD) is compromised, the attacker isn’t just “in one server” — they often have the keys to your identity kingdom. …

Identity News & Updates News & Updates

Lapsus$ gang 'back from vacation' with a 70 GB data breach

March 31, 2022

Lapsus$, an infamous cybercrime gang, had previously breached high-profile companies such as Microsoft, NVIDIA, and Samsung. Recently they claimed responsibility for the data breach targeting Globant, a Luxembourg-based software service company, thereby announcing their return after a brief ‘vacation’. An message regarding the attack was shared on Lapsus$’ official Telegram…

Identity News & Updates News & Updates

Samsung confirms security breach, about 190 GB of data leaked online.

March 9, 2022

Samsung has confirmed a security breach after hacking group – Lapsus$ stole and exposed about 190 gigabytes of proprietary data, including source code for numerous technologies and algorithms for biometric unlock operations. The same group had previously broken into Nvidia and leaked hundreds of employee credentials on the internet. “We were recently made aware that there was a…

Identity News & Updates News & Updates

650+ compromised credentials found to be in use within NEW Cooperative-the latest organization hit by ransomware

October 4, 2021

NEW Cooperative, an Iowa-based farm cooperative was recently hit by a ransomware attack that forced it to take its systems offline. NEW Cooperative has operations in over 50 locations and provides a variety of digital and software services to its network of farmers. The ransomware group BlackMatter is reportedly behind the attack. Security experts believe that BlackMatter is either being run by…

Identity News & Updates News & Updates

Multiple airlines suffer data breach due to supply-chain cyberattack, frequent-flyer list compromised

April 9, 2021

SITA Passenger Service System (SITA PSS), a communications and IT service provider for 90 percent of the world’s airline companies, suffered a massive data breach. The company calls the attack that targeted its U.S servers in Atlanta a “highly sophisticated attack.” Singapore Airlines, a company that uses SITA’s services, reported that over 580,000 customers were affected. The total…

Identity News & Updates News & Updates

CISA and CrowdStrike Tools Make Detecting Compromised Microsoft 365 Accounts Easier

February 8, 2021

CISA and CrowdStrike Tools Make Detecting Compromised Microsoft 365 Accounts Easier The Cybersecurity and Infrastructure Security Agency (CISA) recently released a PowerShell-based tool to help organizations detect compromised accounts and applications in Microsoft Azure and 365. Following the SolarWinds attack in late 2020, which used malicious SolarWinds files that could have given…

incident-response

Use Protected Groups for critical OU containment

How to build a response playbook for AD compromise

Lapsus$ gang 'back from vacation' with a 70 GB data breach

Samsung confirms security breach, about 190 GB of data leaked online.

650+ compromised credentials found to be in use within NEW Cooperative-the latest organization hit by ransomware

Multiple airlines suffer data breach due to supply-chain cyberattack, frequent-flyer list compromised

CISA and CrowdStrike Tools Make Detecting Compromised Microsoft 365 Accounts Easier

Featured Posts

What is Azure Data Factory (ADF)?

How to demote a Domain Controller: A step-by-step guide

Healthcare data Breaches down almost 50 percent in the first month of 2021

Popular with Readers

Active Directory Users and Computers (ADUC) - An introduction and installation guide

Active Directory Sites

Active Directory Password Policy

Recently Added

Using GPO to enforce firewall rules in Windows

Using attribute editor to manage userAccountControl in AD

Force AD Replication for User Synchronization Issues: Commands, Validation, and Troubleshooting

ManageEngine among notable vendors in Forrester’s report

5 ways to mitigate the rising threat of identity sprawl

6-step guide to Enhance Hybrid IT Security

SysAdmin Toolkit

Group Policy Guide

incident-response

Featured Posts

Popular with Readers

Recently Added