Saturday, April 19 2025

CISA Releases Guidance on Mitigating Active Directory Compromise

To improve cybersecurity, the Cybersecurity and Infrastructure Security Agency (CISA) has partnered with international agencies to release a guide on detecting and addressing Active Directory compromises.

This guidance, from the ASD, NSA, CCCS, NCSC-NZ, and NCSC-UK, informs organizations about common techniques used by cybercriminals to target Microsoft Active Directory.

Active Directory is essential for authentication and authorization in enterprise IT networks worldwide, offering services like Domain Services (AD DS), Federation Services (AD FS), and Certificate Services (AD CS).

Active Directory is a key target for cyber attackers due to its weak default settings, complicated relationships, outdated protocols, and insufficient security diagnostics tools.

Common Techniques Exploited by Malicious Actors:

The guide lists 17 ways malicious actors compromise Active Directory.

Key Techniques Include:

Kerberoasting: Attackers request service tickets for user accounts that have Service Principal Names (SPNs) and crack those tickets offline to recover the actual password.

Authentication Server Response (AS-REP) Roasting: This method targets user accounts that do not require Kerberos pre-authentication, enabling attackers to crack the AS-REP ticket to retrieve the password.

Password Spraying: A method where attackers try common passwords on many accounts to gain access.

Machine Account Quota Compromise: Taking advantage of the default limit on machine accounts a user can create to gain unauthorized access.

Unconstrained Delegation: Abusing this delegation setting lets attackers act as any user in the domain.

Mitigation Strategies:

The guide provides robust mitigation strategies to protect against these threats:

Implementing Microsoft’s Enterprise Access Model: This model helps ensure that highly privileged user accounts are not compromised by lower-level systems and that these accounts only manage their own secure resources.

Minimizing SPNs: Limit the number of user objects with Service Principal Names (SPNs) to reduce the risk of Kerberoasting attacks.

Ensuring Kerberos Pre-authentication: Configure all user accounts to require Kerberos pre-authentication to prevent AS-REP Roasting attacks.

Using Group Managed Service Accounts (gMSAs): Use gMSAs so that service account passwords are changed and secured automatically.

Monitoring and Logging: Centrally collect and review events like TGS ticket requests to spot unusual activity.
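The SPN, pre-authentication, delegation and machine account quota items above can be checked against an export of account attributes. The following is an added example, not code from the guide: the sample records, the `audit` function, the finding labels and the choice to skip disabled accounts and domain controllers are assumptions made for illustration.

```python
# Bit values from Microsoft's userAccountControl documentation.
ACCOUNTDISABLE = 0x2
NORMAL_ACCOUNT = 0x200
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000       # domain controller computer object
TRUSTED_FOR_DELEGATION = 0x80000    # unconstrained delegation
DONT_REQ_PREAUTH = 0x400000         # Kerberos pre-authentication not required

# Constructed sample records standing in for an LDAP export of the domain.
SAMPLE_EXPORT = [
    {"sAMAccountName": "svc-sql", "userAccountControl": NORMAL_ACCOUNT,
     "servicePrincipalName": ["MSSQLSvc/db01.example.test:1433"]},
    {"sAMAccountName": "legacy-app",
     "userAccountControl": NORMAL_ACCOUNT | DONT_REQ_PREAUTH,
     "servicePrincipalName": []},
    {"sAMAccountName": "WEB01$",
     "userAccountControl": WORKSTATION_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
     "servicePrincipalName": ["HOST/web01.example.test"]},
    {"sAMAccountName": "DC01$",
     "userAccountControl": SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION,
     "servicePrincipalName": ["HOST/dc01.example.test"]},
    {"sAMAccountName": "old-svc",
     "userAccountControl": NORMAL_ACCOUNT | ACCOUNTDISABLE,
     "servicePrincipalName": ["HTTP/old.example.test"]},
    {"sAMAccountName": "alice", "userAccountControl": NORMAL_ACCOUNT,
     "servicePrincipalName": []},
]

def audit(records, machine_account_quota=10):
    """Return (account, finding) pairs; the quota argument is the domain's
    ms-DS-MachineAccountQuota value (10 is the Active Directory default)."""
    findings = []
    for rec in records:
        name, uac = rec["sAMAccountName"], rec["userAccountControl"]
        if uac & ACCOUNTDISABLE:
            continue  # assumption: disabled accounts are reviewed separately
        if uac & NORMAL_ACCOUNT and rec.get("servicePrincipalName"):
            findings.append((name, "USER_SPN"))            # Kerberoasting exposure
        if uac & DONT_REQ_PREAUTH:
            findings.append((name, "NO_PREAUTH"))          # AS-REP Roasting exposure
        # Domain controllers carry this flag by design, so they are not reported.
        if uac & TRUSTED_FOR_DELEGATION and not uac & SERVER_TRUST_ACCOUNT:
            findings.append((name, "UNCONSTRAINED_DELEGATION"))
    if machine_account_quota > 0:
        findings.append(("<domain>", "MACHINE_ACCOUNT_QUOTA"))
    return findings

if __name__ == "__main__":
    for account, finding in audit(SAMPLE_EXPORT):
        print(f"{finding:26} {account}")
```
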

Detecting Active Directory compromises is difficult because legitimate and malicious activities often look alike. The guide recommends using tools like BloodHound, PingCastle, and Purple Knight to spot misconfigurations and vulnerabilities. It suggests looking at event ID 4769, which tracks TGS ticket requests, to spot possible Kerberoasting activity.
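One way to review event ID 4769 records for the pattern described above, shown as an added example that is not taken from the guide: it flags an account that requests tickets for many distinct services within a short window. The sample events are constructed, and the 5-minute window, the threshold of 4 services and the RC4 (`0x17`) counter are assumptions to be tuned against a baseline of normal activity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # Kerberos encryption type 23 as it appears in event 4769

def ev(ts, user, svc, etype):
    """Build one constructed 4769 record using the event's own field names."""
    return {"TimeCreated": ts, "TargetUserName": user,
            "ServiceName": svc, "TicketEncryptionType": etype}

# Constructed sample events, not real log data.
SAMPLE_4769 = [
    ev("2025-04-19T09:00:01", "alice@EXAMPLE.TEST", "FILE01$", "0x12"),
    ev("2025-04-19T09:00:05", "bob@EXAMPLE.TEST", "svc-sql", "0x17"),
    ev("2025-04-19T09:00:06", "bob@EXAMPLE.TEST", "svc-web", "0x17"),
    ev("2025-04-19T09:00:07", "bob@EXAMPLE.TEST", "svc-backup", "0x17"),
    ev("2025-04-19T09:00:09", "bob@EXAMPLE.TEST", "svc-report", "0x17"),
    ev("2025-04-19T09:05:00", "alice@EXAMPLE.TEST", "svc-sql", "0x12"),
    ev("2025-04-19T11:30:00", "carol@EXAMPLE.TEST", "svc-web", "0x17"),
]

def suspicious_requesters(events, window=timedelta(minutes=5), min_services=4):
    per_user = defaultdict(list)
    for e in events:
        svc = e["ServiceName"]
        # Tickets for machine accounts and krbtgt are routine and are skipped.
        if svc.endswith("$") or svc.lower() == "krbtgt":
            continue
        per_user[e["TargetUserName"]].append(
            (datetime.fromisoformat(e["TimeCreated"]), svc,
             e["TicketEncryptionType"].lower()))
    alerts = []
    for user, reqs in per_user.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window so it never spans more than `window`.
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            burst = reqs[start:end + 1]
            services = sorted({svc for _, svc, _ in burst})
            if len(services) >= min_services:
                rc4 = sum(1 for _, _, etype in burst if etype == RC4_HMAC)
                alerts.append({"user": user, "services": services,
                               "rc4_requests": rc4})
                break  # one alert per requesting account
    return alerts

if __name__ == "__main__":
    for alert in suspicious_requesters(SAMPLE_4769):
        print(alert)
```
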

This guide highlights why organizations should prioritize the security of their Active Directory environments.

Organizations can improve their cybersecurity by understanding common attack techniques and applying recommended mitigation strategies to protect against serious threats. To protect enterprise IT networks from evolving cyber threats, staying informed and proactive is crucial.
