Amid Ascension’s decision not to discuss the attack, there aren’t enough details to provide a complete autopsy of Ascension’s missteps and the measures the company could have taken to prevent the network breach. In general, though, the one-two pivot indicates a failure to follow various well-established security approaches. One of them is known as security… Read More »
A prominent US senator has called on the Federal Trade Commission to investigate Microsoft for “gross cybersecurity negligence,” citing the company’s continued use of an obsolete and vulnerable form of encryption that Windows uses by default. In a letter to FTC Chairman Andrew Ferguson, Sen. Ron Wyden (D–Ore.) said an investigation his office conducted into… Read More »
Aurich Lawson / Getty reader comments 52 with 38 posters participating Share this story A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They’re all running poorly configured Microsoft servers that for months or years have been spraying the Internet with… Read More »
reader comments 20 with 16 posters participating Share this story A public proof-of-concept (PoC) exploit has been released for the Microsoft Azure Active Directory credentials brute-forcing flaw discovered by Secureworks and first reported by Ars. The exploit enables anyone to perform both username enumeration and password brute-forcing on vulnerable Azure servers. Although Microsoft had initially… Read More »
reader comments 8 with 8 posters participating Share this story Imagine having unlimited attempts to guess someone’s username and password without getting caught. That would make an ideal scenario for a stealthy threat actor—leaving server admins with little to no visibility into the attacker’s actions, let alone the possibility of blocking them. A newly discovered… Read More »
Getty Images reader comments 12 with 8 posters participating Share this story One of the most critical Windows vulnerabilities disclosed this year is under active attack by hackers who are trying to backdoor servers that store credentials for every user and administrative account on a network, a researcher said on Friday. Zerologon, as the vulnerability… Read More »