Blog Excess Privileges Test Organizations' Cyber Resilience The recent case of Hongjin Tan underscores the continuing risk of data- and intellectual property theft by rogue employees. But organizations that hope to crack down on such incidents need to address the endemic problem of lax privilege management.
Blog Zoom and Gloom: Your Security Risk is (much) Bigger than One App Zoom is responding to a torrent of revelations about security and privacy issues in its platform. But enterprise concerns about application security holes and data privacy shouldn’t be limited to one platform.
Blog QOMPLX Knowledge: Silver Ticket Attacks Explained In our second QOMPLX Knowledge post, we profile Kerberos Silver Tickets: forged Ticket Granting Service (TGS) tickets.
Blog Microsoft Active Directory Golden Ticket Attacks Explained: QOMPLX Knowledge The first installment of our QOMPLX Knowledge series examines Golden Ticket Attacks against Microsoft Active Directory. Successful attacks enable threat actors control over an Active Directory KRBTGT and access to any resource on an Active Directory Domain.
Blog Worried about Human Operated Ransomware? Stop using NTLM, start validating Kerberos Microsoft's excellent report on human-operated ransomware attacks didn't mention a common thread in many successful attacks: continued use NTLM. Here is QOMPLX's advice on how to take away a ransomware attackers biggest advantage.
Blog QOMPLX Ideas: Ahead of Digital Transformation: Address Security Fundamentals Business leaders need to know when to quit dead-end technology projects and do the right thing by their customers, instead of trying to save face and plough on.
