1239 matches found
Authentication flaw
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Deep Security 10.x-12.x could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents this...
CVE-2020-15605
The CVE-2020-15605 entry concerns Trend Micro Vulnerability Protection 2.0 SP2 with LDAP authentication enabled. The flaw allows an unauthenticated attacker who has knowledge of the targeted organization to bypass the manager authentication mechanism via LDAP authentication bypass. The impact is ...
CVE-2020-15605
If LDAP authentication is enabled, an LDAP authentication bypass vulnerability in Trend Micro Vulnerability Protection 2.0 SP2 could allow an unauthenticated attacker with prior knowledge of the targeted organization to bypass manager authentication. Enabling multi-factor authentication prevents...
How do I implement a Zero Trust security model for my Microsoft remote workforce?
Digital empathy should guide your Zero Trust implementation Zero Trust has always been key to maintaining business continuity. And now, it’s become even more important during the COVID-19 pandemic to helping enable the largest remote workforce in history. While organizations are empowering people...
New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security
The importance of cybersecurity in facilitating productive remote work was a significant catalyst for the two years-worth of digital transformation we observed in the first two months of the COVID-19 pandemic. In this era of ubiquitous computing, security solutions don’t just sniff out threats,...
New Forrester study shows customers who deploy Microsoft Azure AD benefit from 123% ROI.
Over the past six months, organizations around the world have accelerated digital transformation efforts to rapidly enable a remote workforce. As more employees than ever access apps via their home networks, the corporate network perimeter has truly disappeared, making identity the control plane...
Why & Where You Should Plant Your Flag
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurit...
Microsoft Office 365—Do you have a false sense of cloud security?
Through difficult times, some adversaries will find opportunities and COVID-19 has proven to be a ripe opportunity for them to target a new, expanding, remote workforce. While these threats morph and evolve, Microsoft’s Detection and Response Team DART finds ways to endure and help organizations...
Zero Trust: From security option to business imperative overnight
Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As...
Afternoon Cyber Tea: Revisiting social engineering: The human threat to cybersecurity
Most of us know ‘Improv’ through film, theatre, music or even live comedy. It may surprise you to learn that the skills required for improvisational performance art, can also make you a good hacker? In cybersecurity, while quite a bit of focus is on the technology that our adversaries use, we mus...
CVE-2020-5384
Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Windows contains an Authentication Bypass vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability by using an alternate path to bypass authentication in order to gain full access to the system...
Paving the Path to Passwordless
Passwords seem to be the digital equivalent of the phrase, “can’t live with ’em, can’t live without ’em.” They’re supposed to protect sensitive information and data, but passwords can also be incredibly frustrating; you shouldn’t use the same one across the board, which means you probably have...
Prevent and detect more identity-based attacks with Azure Active Directory
Security incidents often start with just one compromised account. Once an attacker gets their foot in the door, they can escalate privileges or gather intelligence that helps them reach their goals. This is why we say that identity is the new security perimeter. To reduce the risk of a data breac...
E-Verify’s “SSN Lock” is Nothing of the Sort
One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A k...
Broad, Ongoing Cyberattacks Targeting Australia Underscore Need for Behavioral-Based Cybersecurity
On Friday the Australian Federal Government detailed sustained ‘copy-paste’ threats on government and business throughout the country. According to the Government: “‘Copy-paste compromises’ is derived from … heavy use of proof-of-concept exploit code, web shells and other tools copied almost...
Turn on MFA Before Crooks Do It For You
Hundreds of popular websites now offer some form of multi-factor authentication MFA, which can help users safeguard access to accounts when their password is breached or stolen. But people who don't take advantage of these added safeguards may find it far more difficult to regain access when thei...
Mitigating Credential Stuffing Attacks in the Financial Sector
If You Think Multi-Factor Authentication Prevents Credential Stuffing, Think Again! Financial services firms around the world are experiencing credential stuffing attacks at an alarming rate. Cybercriminals are using readily available automation tools, botnets, and compromised account credentials...
11 security tips to help stay safe in the COVID-19 era
The COVID-19 pandemic has changed our daily routines, the ways we work, and our reliance on technology. Many of us are now working remotely, students are attending classes virtually, and we’re relying more on social media and social networks to stay connected as we define what our new normal look...
Operational resilience in a remote work world
Microsoft CEO Satya Nadella recently said, “We have seen two years’ worth of digital transformation in two months.” This is a result of many organizations having to adapt to the new world of document sharing and video conferencing as they become distributed organizations overnight. At Microsoft, ...
Protect your accounts with smarter ways to sign in on World Passwordless Day
As the world continues to grapple with COVID-19, our lives have become increasingly dependent on digital interactions. Operating at home, we’ve had to rely on e-commerce, telehealth, and e-government to manage the everyday business of life. Our daily online usage has increased by over 20 percent...