Aggregator

How to Detect Pass-the-Hash Attacks Blog Series

Security, et al
5 years 9 months ago

Jeff Warren really knows AD security and the Windows Security Log.  He brings me a lot of good ideas and tips for enhancing my Security Log Encyclopedia.  He also really stays up-to-date on the latest cyber attack techniques and thinks about how to detect them with the Security Log, Sysmon and other logs in the AD/Windows environment.  Check out his latest blog post on detecting pass-the-hash with Windows event logs here: https://blog.stealthbits.com/how-to-detect-pass-the-hash-attacks/

This is the first in a three part series so stay tuned for the rest.

From the Dojo to the SOC

F5 Labs
5 years 9 months ago
Key lessons from martial arts translate to cyber-defense, including preparation, taking falls, proper stance, diligent practice, sparring, and continuous growth.

Preparing for denial of service (DoS) attacks

NCSC Feed
5 years 9 months ago
It is not possible to fully mitigate the risk of a denial of service attack affecting your service, but there are some practical steps that will help you be prepared to respond, in the event your service is subjected to an attack.

GDPR security outcomes

NCSC Feed
5 years 9 months ago
This guidance describes a set of technical security outcomes that are considered to represent appropriate measures under the GDPR.

February 2019 Security Update Release

Microsoft Update Tuesday
5 years 9 months ago
Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide.

Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Verisign Security Blog
5 years 9 months ago

Recent events1,2 have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted3, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are […]

The post Revisiting How Registrants Can Reduce the Threat of Domain Hijacking appeared first on Verisign Blog.

Matt Thomas

The Business of Organised Cybercrime

F5 Labs
5 years 9 months ago
F5 Labs' David Warburton writes for Professional Security, discussing how your stereotypical perception of cybercrime is all wrong - and what to do about it.

Protecting your Domain Names: Taking the First Steps

The Akamai Blog
5 years 9 months ago
Everyone and everything on the Internet depends on the Domain Name System (DNS) being functional. The DNS has been a common vector for attacks in recent years, and 2019 seems to be no different. Many of these attacks have goals far more sinister than simply taking a company offline or defacing a website; reported attacks include redirecting some or all of an organization's domain to gain access to protected resources, intercept traffic, and even obtain TLS certificates for that domain. Organizations should perform regular DNS reviews and audits. The following guidelines provide a starting point for your review.
Akamai

Managed ad