Introducing StealthAUDIT 11.5! Complete your cloud security puzzle. LEARN MORE


And other things that keep you up at night

Blog >Security

Browsed By
Category: Security

Zerologon: From Zero to Hero – Part 2

| Kevin Joyce | | 1 Comment
How Does it Work? In Part 1 of this blog series (What is Zerologon?), we discussed how Zerologon exploits a vulnerability in NetLogon that allows a malicious actor on your network to take over a Domain Controller (DC), and eventually your entire domain. Now let’s dive into the specifics of how Zerologon works. Using Mimikatz to Execute the Zerologon Exploit For starters, you can easily identify if a target domain controller is vulnerable to the Zerologon exploit with Mimikatz by runn…

Zerologon: From Zero to Hero – Part 1

| Kevin Joyce | | 1 Comment
What is Zerologon? Zerologon exploits a vulnerability in NetLogon that allows a malicious actor on your network to take over a Domain Controller (DC), and eventually your entire domain. Since this attack requires no authentication and only network access, it has been given a CVSS score of 10.0 (the highest score available). At a high level, an unauthenticated attacker is able to use NetLogon Remote Protocol to connect to a Domain Controller and change the DC password to something they know…

What is Privacy by Design?

| Farrah Gamboa | | 1 Comment
In this era of big data, it is in an organization’s best interest to seek to safeguard their critical data assets, especially sensitive data, to the best of their ability. However, data breaches continue to occur, and according to certain studies, are happening every minute. And now with more consumer data being collected than ever, these breaches pose a real problem not only to an organization’s operations but to their credibility. But imagine if data security, and possibly more importantly …

Data Privacy Essentials: #1 – Don’t Put Your Data at Risk. #2 – Don’t Forget #1

| Adam Rosen | | 1 Comment
In my last blog, I stated that “data security can be achieved without data privacy, but you can’t effectively fulfill data privacy without data security. When it comes to complying with regulations, or protecting against breaches, if you don’t know your data, you won’t be able to justify it to a regulator, or safeguard it from malicious intent.” Complex, Heterogeneous Data Infrastructure Challenges Once you’ve discovered all the data in your organization, you can then write a report. Ho…

Data Privacy and Security are Two Sides of the Same Coin

| Adam Rosen | | 1 Comment
Two things can be inherently related, even though they are thought of differently. Examples abound, from tragedy and comedy, to fear and elation. Many pairs just go hand in hand; like privacy and security.   Flipping a coin to resolve a decision will cause one person to win, and the other to lose. The same can be said for data privacy. Without data security, data privacy will be limited at best. The controls over data privacy are juxtaposed with the discovery, classification, access, …

Easily Prevent More Breaches by Simply Preventing Bad Passwords

| Rod Simmons | | 1 Comment
A recent cyber-attack on the Canadian government was successful because of a well-known attack technique, credential stuffing. If you’re not familiar, credential stuffing is just taking credentials from one breach and using it to compromise a new organization.  It is successful because 62% of people reuse personal passwords on work systems. News of this attack broke on Monday, August 17, 2020, and it highlights how real the cyberattack risk is for every organization. Th…

Data Security vs Data Privacy

| Farrah Gamboa | | 1 Comment
Data is quite possibly the most critical asset within any organization and is at the heart of most, if not all, cyberattacks. Organizations struggle to implement the appropriate processes to ensure data is being protected from both internal and external threats. When talking about protecting data, Data Security and Data Privacy go hand in hand. In order to ensure data privacy, the appropriate data security controls need to be in place. It’s important to understand the difference between these…

Back to “The Basics” Blog Series

| Gerrit Lansing | | 1 Comment
Webinar Preview: Back to “The Basics” – Pragmatic advice from Gavin Ashton, author of “Maersk, me, & notPetya” Part 1 – Ransomware The origins of modern ransomware trace back all the way to the AIDS trojan of 1989. Its use of simple symmetric cryptography and gentle extortion of $189 seems almost infantile compared to the techniques used and extortions of today. In the midst of a global pandemic, ransomware has been on the rise – economically motivated actors would never m…

A History of Passwords

| Troy Hunt | | 1 Comment
The following blog post was created using an excerpt from the Stealthbits Technologies/emt Distribution presentation “Prioritizing Password Security with Troy Hunt: The Good, the Bad, and the Ineffective”. Please see here to view the complete presentation. Let’s talk about passwords. In particular, let’s talk about where we’ve come from, where we are at the moment, and where things are going in the future. The history lesson of passwords is enormously important because it help…

What is the SigRed vulnerability in Windows DNS Server?

| Joe Dibley | | 1 Comment
What is it? SigRed, CVE-2020-1350, is a remote code execution vulnerability in the Microsoft Windows DNS server that was publicly disclosed on July 14, 2020, by Israeli cybersecurity firm Check Point.   When a DNS server receives a query for a domain it isn’t responsible (authoritative) for it asks a DNS server further up the hierarchy which DNS server is, and then queries that DNS server for the record. The vulnerability exists in how the Windows DNS server parses t…




© 2022 Stealthbits Technologies, Inc.

Start a Free Stealthbits Trial!

No risk. No obligation.