What’s up with attacks on identity systems? New guidance for vulnerabilities that could allow attackers to take over #Windows domains, the weaponization of the #Log4J vulnerability by #Conti group, and new activity from the Cuba #ransomware group:
#Cyberattackers are always devising new ways to compromise #ActiveDirectory. In this post, Semperis Researcher Yuval Gordon explores a little-known DACL tactic that attackers can use to hide membership from a group and possibly evade detection.
Is your hybrid identity environment vulnerable to a #cyberattack? On-premises #ActiveDirectory and #AzureAD are unique—but they’re not separate. Find out how Semperis DSP helps protect your hybrid #identity system:
New research from Semperis' Charlie Clark (@exploitph) describes a vulnerability that could open new attack paths, detection bypasses, and potential weakening of security controls, putting orgs at higher risk from #Kerberoasting and other attacks. 👇
With the transition to hybrid #identity environments, organizations must defend against a rise in attacks that enter companies through on-premises #AD, then move to the cloud. DSP 3.6 aims to help detect and remediate security risks, reports @SCMagazine.
#AzureAD admins, beware: #Cyberattackers can use SMTP matching to obtain privileged access via eligible role assignments. In this post by @SemperisTech Security Researchers Sapir Federovsky and Tomer Nahum, learn how, and how to stop them.
What’s new in the #identity threat landscape? An attack on US broadcast company Sinclair, Microsoft’s warnings about delegating privileges to service providers, a second BlackMatter attack on Olympus, and more.
Check out the October Identity Attack Watch:
Research from Enterprise Management Associates (EMA) and Semperis finds that unknown vulnerabilities top the list of #ActiveDirectory security concerns of IT security practitioners. Read more here:
📥 Download the report now at .
Semperis’ #Hacker in Residence, @Sidragon1, joined @JillAitoro to discuss the reality breached companies face as they “have to go look in the mirror and ask, 'why didn’t we see it? We have multi-billion dollar systems in place that should detect this,'”
Privilege escalation is a prime tool for attackers to infiltrate your #ActiveDirectory--and from there, anything they want. Learn more about a vulnerability that can enable #cyberattackers to target AD Certificate Services and take over your domain.
Although the threat landscape is continually expanding, organizations can improve their security posture by addressing the identity-related vulnerabilities covered in the #ActiveDirectory Security Halftime Report. 📥 Download the report for free at .
How secure is your #ActiveDirectory environment? Find out with #PurpleKnight, a free #security assessment tool that uncovers dangerous misconfigurations attackers can use to steal data and launch #malware campaigns.
#ActiveDirectory has become the Achilles' Heel of organizations' security programs. Why? It's the beating heart of access to business-critical resources and systems.
Use this guide to prepare your company for a complete overhaul of your AD program:
Looking for proactive steps you can take to protect your company from a #ransomware-as-a-service (#RaaS) attack similar to the #ColonialPipelineHack? Check out these resources and request FREE access to the security vulnerabilities tool, #PurpleKnight:
Shifting to a hybrid identity management model in an #ActiveDirectory-centric environment has rewards—and risks. Doug Davis, Semperis Senior Product Manager, offers security considerations to watch for when integrating #AzureAD with on-prem AD.
Finding it hard to keep track of the increasing #cyberattacks targeting #ActiveDirectory? The new Identity Attack Watch roundup from our Research Team offers a monthly digest of recent incidents to help IT pros better understand and guard against threats.
How do you defend #ActiveDirectory, aka the “keys to the kingdom,” if you don’t know where the attacks are coming from?
In this webinar, @grouppolicyguy + @_wald0 demonstrate real-world attacks used against AD.
APRIL 2ND
2 pm ET
REGISTER NOW 👉
#ActiveDirectory is like air… you don't notice it until it's gone.
We surveyed over 350 identity-centric security leaders on the current state of cyber preparedness as it relates to recovering AD from #ransomware and wiper attacks.
Read the results:
Finding it hard to keep track of all the recent identity-related cyberattacks? This month’s #IdentityAttack Watch roundup includes the #Microsoft Exchange #Hafnium attack, a breach of Verkada’s video platform, and a #ransomware attack on retailer FatFace.
Is your AD environment susceptible to attacks that leave no trace?
Semperis Chief Technologist @GGrillen discusses the many ways current #ActiveDirectory attacks evade traditional #SIEM monitoring—and what you can do about it.
#PetitPotam: Another high-impact attack vector on #Windows domains that is relatively easy to carry out—but difficult to mitigate. Read more about the background and guidance for detecting and mitigating PetitPotam:
With the continual threat of #cyberattacks, recovering #ActiveDirectory comes with a new set of challenges, including:
➡️ Restoring AD to clean servers
➡️ Restoring AD without reintroducing #malware in system state or bare-metal backups
Full report:
Where should practitioners invest time now to get ready to be CISOs in 2022 and beyond?
#ICYMI To help cut through some of the noise, we partnered with @RedmondIT to convene leading CISOs in a discussion about the most critical aspects of the role.
Identity-related supply-chain attacks lead this month’s Semperis #Identity Attack Watch, a roundup of recent incidents including breaches at JBS, FujiFilm, and more—plus details about the tactics used in the #ColonialPipeline attack.
Check out this month’s Semperis Identity Attack Watch, a roundup of recent incidents including a state-sponsored attack on a U.S. local government, the #ColonialPipeline attack, the #MountLocker attack that exploited Windows #ActiveDirectory APIs, and more.
Attackers love #ActiveDirectory misconfigurations and use them to gain #privilegedaccess and move through compromised systems. These seven configuration issues are often exploited. Check your hybrid AD environment for them—ASAP!
What's up with identity attacks from this past month? The Semperis Research Team highlights a CISA warning about May Windows updates, Conti #cyberattacks on the Costa Rican government, and a credential stuffing attack that compromised GM car owners’ data.
Check out this month’s Semperis #Identity Attack Watch, a roundup of recent incidents, including a report of a new #ransomware called #Cring that exploits vulnerabilities in VPN servers by compromising #authentication credentials.
#ProxyShell, PetitPotam, #LockBit 2.0…what else is new?! This month’s @SemperisTech Identity Attack Watch covers LockFile’s use of ProxyShell and #PetitPotam flaws, surging LockBit 2.0 attacks, expanding Hive exploits, and more.
To celebrate National #CybersecurityAwarenessMonth, here is a list of 10 amazing women you need to be following. Even though October is coming to an end, the fight against cyber attackers will continue to intensify. Always remember to do your part.
🔗:
🚨 BREAKING NEWS 🚨
Today we’re proud to announce our Series B round led by @insightpartners, with participation from existing backers. The growth funding will support our global expansion and accelerate hiring across all functional areas.
Learn more:
#Gartner has identified new ransomware models as the greatest emerging risk for organizations. Are you ready?
@GGrillen discusses how reliable, #malware-free #ActiveDirectory backups are key to protecting your IT services and business operations.
In this month’s #Identity Attack Watch, the Semperis Research Team highlights BlackCat attacks that triggered an FBI warning, a #Conti group attack on Panasonic, a Hive hit on a California health company, and more.
We are proud to announce that Semperis is a finalist in this year's @CyberSec_Awards for Start-up of the Year, AND our Hacker in Residence, @Sidragon1, is shortlisted for Personality of the Year!
The #cyberawards2020 recognizes excellence and innovation in #cybersecurity 🎉
What can modern #cybersecurity learn from ancient adversaries?
@Sidragon1 breaks down how you can apply techniques used to fend off enemies throughout ancient history by emperors, warriors, and soldiers to the high-tech environments of today.
Meet #ForestDruid, a new free attack path discovery tool from #Semperis that helps defenders define the true Tier 0 perimeter, scan #activedirectory for high-risk violations, and prioritize locking down privileges to Tier 0 assets:
With #ransomware attacks on the rise, #ActiveDirectory recovery is critical to keep businesses up and running. We're thrilled that Semperis ADFR has been recognized as a finalist by @SCMagazine for Best Disaster Recovery Solution!
🔗
Goodbye, #RedForest — @grouppolicyguy breaks down Microsoft's new privileged access management strategy for #ActiveDirectory, which replaces the previous "Red Forest" approach.
Here's what you need to know before implementing the new guidance:
“Changes in permissions are by far the biggest security risk when it comes to implementing hybrid #identity management.” - Semperis Senior Product Manager, Doug Davis
#IDMgmtDay
UPCOMING #WEBINAR | April 22nd at 11 am PDT
Following the launch of #PurpleKnight, @grouppolicyguy and Ran Harel share insights on the tool that evaluates security weaknesses in #ActiveDirectory configurations.
Register for the session now at,
Do you know your #ActiveDirectory security vulnerabilities? In this new post, @shorinsean steps through the types of #security holes threat actors use—including configuration mistakes and unpatched vulnerabilities—to attack AD environments.
“The fact that #malware explicitly targets domain controllers underscores how critical it is to properly configure, monitor, and be in position to recover your core identity platform, #ActiveDirectory.” @gkirkpatrick, Chief Architect at Semperis
On this #MalwareMonday, we're asking the question: When was the last time you tested your #ActiveDirectory recovery plan? Just as necessary, is your AD recovery plan updated to include cyber scenarios such as a #ransomware or #wiperattack?
Read more:
🎉 It's an honor to have our #ActiveDirectory Forest Recovery solution recognized as a nominee in the Commercial Technology Category for the upcoming 2021 Edison Awards! #EdisonAwards #EA2021
Read more about our nominated ADFR solution: .
🆕 in Identity Attack Watch, the Semperis Research Team highlights #LockBit's #ransomware attacks on small towns and the Italian tax agency, #BlackBasta's hit on materials manufacturer Knauf, a breach at Japanese game publisher #BandaiNamco, and more.
With #ransomware on the rise, your #ActiveDirectory requires special attention. Semperis CEO @ber_mic shares insights on the steps organizations can take to protect AD and their businesses.
In the wake of a #cyberattack, Active Directory can be dismissed as an afterthought. The reality is if AD is compromised, so is your entire environment.
Read more on "Rethinking #ActiveDirectory security" (@helpnetsecurity)
The way that organizations are increasingly relying on #ActiveDirectory makes it the perfect target for cybercriminals. Dan Bowdrey talks to @cybernews about why AD is the forgotten system and how organizations can protect themselves.
#Kerberoasting has been around for a while, but that doesn’t mean that cybercriminals love it any less. In @thenewstack, @shorinsean shares why this remains one of the most pervasive cyberattack methods against #Microsoft AD and how to guard against it.
Together, in 2022 we'll build a stronger and more cyber resilient world for a safer tomorrow. #TeamSemperis wishes everyone a happy, healthy, and safe New Year! 🎊
"There is more that IT shops can do to help protect against the worst that attackers have to offer."
Semperis' @grouppolicyguy shares more on 'Using Tiered Administration for #GroupPolicy Management,' with @sdmsoftware.
What did @SemperisTech Senior Product Manager Doug Davis and Director of Services @shorinsean take away from this month's #MSIgnite Announcements? In the most recent @HIPConf Podcast episode, they dive in.
🎙️
In episode 19 of the HIP Podcast, @shorinsean is joined by Doug Davis to discuss #Microsoft's recent announcements at #MSIgnite about #passwordless authentication, the new concept of Temporary Access Pass, and more Microsoft initiatives.
🎙️
@Sidragon1 discussed the SolarWinds attack w/ @AmerBanker: "The security industry has rallied to address this attack from several angles, and in many cases, organizations impacted are working around the clock to determine and implement any necessary fixes."
#PurpleKnight’s power is growing. The new version of our free #ActiveDirectory security assessment tool introduces Azure AD security indicators to address security gaps across on-prem and #AzureAD to battle attacks targeting hybrid identity environments.
We are a proud sponsor of @drjournal Fall 2022! Don't miss the chance to hear from our Director of Services, @shorinsean, on "Setting Up an #ActiveDirectory Isolated Recovery Environment for Incident Response."
Learn more about #DRJFall + register now at .
"Once you truly understand your vulnerabilities you can begin to properly protect your organization." - 🗣️ Semperis Chief Technologist
@GGrillen
We were delighted to be a Thought Leadership sponsor at the #CIOCISODeutschlandSummit (@CDMmedia) today!
New #cyberattacks--like the DFSCoerce NTLM relay attack--are nothing ... well, new. Neither is the importance of protecting #ActiveDirectory. @grouppolicyguy provides some practical tips for blocking the bad guys in this post: .
Ever heard of SPN-jacking? Delve into how attackers could use SPN-jacking to compromise a host or service, how to detect it, and how to prevent it in "SPN-jacking: An Edge Case in WriteSPN Abuse," with @elad_shamir. #cyberattacks #kerberos
Just Released: With the addition of DSP Intelligence, Semperis further establishes DSP as the industry’s most comprehensive #ActiveDirectory threat detection and response platform.
We're very proud to have made the @Inc Magazine fifth annual #Vet100 list—a compilation of the nation's fastest-growing #veteranowned businesses. Congratulations to all! 👏 Read more at .
Hybrid #identity environments have huge benefits--and increased risks. Get tips for overcoming some of the challenges of securing hybrid identity from #Semperis Chief Technologist @GGrillen.
In the age of the cloud, dependency on Active Directory is rapidly growing—and so is the attack surface. At today's #CIOCISOMidwestSummit, @gkirkpatrick shared the dos and don'ts of recovering #ActiveDirectory from a cyber disaster.
If your organization uses #Office365, you have a hybrid AD environment. Don't wait for #cyberattacks to reveal your #AzureAD vulnerabilities! The free #PurpleKnight security analysis tool includes Azure AD security indicators.
𝗛𝗼𝘄 𝘁𝗼 𝗗𝗲𝗳𝗲𝗻𝗱 𝗔𝗴𝗮𝗶𝗻𝘀𝘁 #𝗗𝗖𝗦𝗵𝗮𝗱𝗼𝘄🛡
This attack exploits a switch in the #Mimikatz utility that enables privileged users to inject malicious changes into #ActiveDirectory without detection.
Learn to combat this emerging threat:
🔗
NEW BLOG 🚨
@elad_shamir takes a look behind the scenes of CVE-2021-42278 and CVE-2021-42287 and offers a couple of action items (in addition to #patching) that will help prevent domain service privilege escalation. #activedirectory
#Ransomware and other attacks that take advantage of poorly delegated #ActiveDirectory permissions can hide within your environment, even reinfecting their targets. @grouppolicyguy shines a light on these tactics—and a utility you can use to spot them.
We all know the stat: 81% of data breaches are caused by credential abuse. At the center of the storm is #ActiveDirectory.
Check out @idsalliance’s latest IAM best practices blog by @gkirkpatrick on how to secure your “keys to the kingdom.”
Read now: