Active Directory Attacks Hit the Mainstream

Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise. There was a time when attacks against identity and authentication infrastructure were the domain of well-financed and, likely, state-backed threat actors. These groups…

read more

Malicious USB Drive Hides Behind Gift Card Lure

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2020-5292PUBLISHED: 2020-03-31 Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users’ and admini……

read more

Open Cybersecurity Alliance Releases New Language …

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2015-3006PUBLISHED: 2020-02-28 On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has…

read more