Protect your Active Directory from these Password-based Vulnerabilities

Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers.
In this attack, the perpetrator, typically using a compromised low-level account with legitimate access, requests service tickets for accounts with SPNs. These tickets are encrypted with the service account's password.
The attacker then tries to crack the password offline by brute-forcing the encryption of the obtained service ticket, not the TGT. Strong, complex passwords are vital in defending against Kerberoasting attacks.
Implementing robust password policies, and monitoring for unusual service ticket requests can significantly reduce the risk.
Tools like Specops Password Auditor are beneficial as they enable scanning and detection of weak passwords within AD, including those found in breached password lists.
Additional measures like using longer and more complex passwords for service accounts, enabling AES encryption for Kerberos, and minimizing the number of service accounts with SPNs can further bolster security against such attacks.
Like other brute-force attacks, password spraying plays the volume game.
Attackers, manually or through automation tools, try the most common passwords on various user accounts throughout an organization, hoping to find a username-password match.
A third-party password solution that can enforce longer passwords, and block the use of high-probability passwords, is the best approach.
One common scenario is the scripting of new user accounts, which often results in users having the same default password.
Another scenario is when users have multiple accounts, such as an admin and a regular user account, and they opt for using the same password to avoid the hassle of remembering multiple passwords.
To mitigate this issue, Specops Password Auditor can identify users with the same password in AD, enabling organizations to address security gaps caused by default credentials.
Attackers will either exploit a system vulnerability, steal user credentials, or guess the passwords of privileged accounts to get higher permissions.
Preventing these devastating attacks requires robust enforcement of password policies, particularly for privileged users.
Specops Password Policy enhances security controls in AD by enforcing strong password policies.
One of its key features is Breached Password Protection, which blocks over 4 billion known compromised passwords from being used.
This helps mitigate the risks associated with password attacks and password reuse.
To further assess the security of your AD you can download Specops Password Auditor, a free read only reporting tool that scans your AD for over 950 million compromised passwords, blank passwords, identical passwords, and other password-related vulnerabilities.
Your end-users are reusing passwords - that's a big problem.
Over 40,000 admin portal accounts use 'admin' as a password.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 14 Dec 2023 16:25:15 +0000


Cyber News related to Protect your Active Directory from these Password-based Vulnerabilities

Avoid high cyber insurance costs by improving Active Directory security - Insurance broker and risk advisor Marsh revealed that US cyber insurance premiums rose by an average of 11% in the first quarter of 2023, and Delinea reported that 67% of survey respondents said their cyber insurance costs increased between 50% and ...
8 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
5 months ago Cyberdefensemagazine.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
10 months ago Techtarget.com
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
1 month ago Feedpress.me
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Five Eyes Agencies Put Focus on Active Directory Threats - Security Boulevard - Cybersecurity agencies in the United States and other countries are urging organizations to harden the security around Microsoft’s Active Director (AD) solution, which has become a prime target of hackers looking to compromise enterprise networks. ...
1 month ago Securityboulevard.com
US Man Jailed 8 Years for SIM Swapping and Apple Support Impersonation - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
11 months ago Hackread.com
Is it possible to use an external SSD to speed up your Mac - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
10 months ago Hackread.com
Defend Your Business: Testing Your Security Against QakBot and Black Basta Ransomware - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Securityboulevard.com
What is Biometric Security? Your Body Becomes Your Key - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackersonlineclub.com
How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
1 month ago Techrepublic.com
Flashpoint Uncovers 100,000+ Hidden Vulnerabilities, Including Zero-Days - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Google Kubernetes Engine Vulnerabilities Could Allow Cluster Takeover - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
10 months ago Hackread.com
Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackread.com
Automation Scanner To Find Latest Web Vulnerabilities - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
10 months ago Hackersonlineclub.com
Mirai-based NoaBot Botnet Targeting Linux Systems with Cryptominer - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
10 months ago Hackread.com
Three-year-old Apache Flink flaw now under active attack The Register - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
5 months ago Theregister.com
Empowering MSPs to Protect Clients - Advertising presented to you on this service can be based on limited data, such as the website or app you are using, your non-precise location, your device type or which content you are interacting with. Information about your activity on this ...
7 months ago Gbhackers.com
Lee County student Chromebooks hacked in 'Cyber Monday prank' - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Nbc-2.com
Google to Delete Inactive Gmail Accounts From Today - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Particle Network's Intent-Centric Approach Aims to Simplify and Secure Web3 - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Stellar Cyber Bridges Cybersecurity Skills Gap with First-of-Its-Kind University Program - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Microsoft Outlook Vulnerability Exploited by Russian Forest Blizzard APT - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)