In this blog in the “IT security under attack” series, we wanted to shed some light on an unfamiliar and seldom discussed topic in IT security: the default, out-of-the-box configurations in IT environments that may be putting your network and users at risk. Default settings, and why the initial configuration is not the most secure […]
Domain controller patch alert! Vulnerability grants domain admin access in 10 seconds
A critical Active Directory vulnerability (CVE-2020-1472) has been making headlines for being the most notorious elevation of privilege bug because it can affect all computers and domain controllers in an organization. This high-risk vulnerability, dubbed Zerologon, gives threat actors easy, instant access to domain controllers without requiring any additional privileges. This attack does not even […]
Cleaning up inactive user accounts in Active Directory
When employees leave organizations, their user accounts often remain in Active Directory (AD) without gathering much attention. The passwords on these accounts remain unchanged when no longer in use, which could lead to potential compromise. For optimum security, enterprises should always ensure that inactive or obsolete user accounts are protected or, better yet, deleted. Microsoft […]