Seven Common Microsoft Active Directory Misconfigurations that Adversaries Abuse

Sunday, February 7th, 2021

The modern IT organization has a wide variety of responsibilities and competing priorities. As a result, cybersecurity is often overlooked in favor of projects that have an immediate impact on business operations. Unfortunately, this operating model inevitably leads to unaddressed vulnerabilities and security misconfigurations in services and Active Directory. We’ll refer to ...

Samsung silently disables Windows Update on PCs

Friday, June 26th, 2015

New data from Microsoft MVP and researcher Patrick Barker shows that Samsung has been disabling Windows Update on at least some of its laptops distributed with Windows 8 and 8.1, and the company’s responses thus far have been astonishingly tone-deaf. Not only does Samsung disable the Windows Update capability, it ...

New version of Autoruns integrates with VirusTotal

Sunday, February 1st, 2015

The new version of Microsoft's Autoruns (version 13 - released last week) integrates the VirusTotal API for quick analysis and verification of unknown and questionable processes. After running the program, just right-click on any entry and select Check VirusTotal: You will need to accept VirusTotal's Terms of Service by clicking Yes: Once ...

Keysweeper: creepy keystroke logger camouflaged as USB charger

Tuesday, January 13th, 2015

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back all keystrokes from any Microsoft wireless keyboards (which use a proprietary 2.4GHz RF protocol) in the area. Keystrokes are sent back to the KeySweeper operator over the Internet ...

Microsoft Windows Hit By New Zero-Day Attack

Wednesday, October 22nd, 2014

Microsoft has disclosed that a new zero-day vulnerability is present in Windows, and is exploited via Microsoft Office files. According to Microsoft Security Advisory 3010060, the vulnerability is present in all supported versions of Windows except Windows Server 2003. The vulnerability (designated as CVE-2014-6352) is triggered by an attacker sending a specially ...