Microsoft Security Advisory for ADCS exploit – ADV210003
This morning we provided details to our existing support and co-management customers on a recent notice of vulnerability to certain Microsoft ADCS configurations. The exploit involves NTLM and leveraging some ADCS PKI components. Full details can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV210003. Summary In environments with NTLM authentication still enabled in Active Directory and when using ADCS…Read More
Targeting the Extended Supply Chain – a Brief Review of Stuxnet
In November, 2010 Iranian president Mahmoud Ahmadinejad announced that a “cyber weapon” had been deployed against the Natanz nuclear laboratory. Indeed, some infosec pundits subsequently referred to the attack, called “Stuxnet”, as the first true cyber weapon to be used in anger. While that may be debatable, what is not in question is the design,…Read More
RPKI – The most important Internet security component you never heard of.
What do AWS, Radware, Nintendo, Google, and Facebook all have in common (other than being some of the smartest actors in internet commerce)? Over the past 18 months, they have all been impacted by outages traceable to the Border Gateway Protocol (BGP). The BGP was designed in 1994, literally on a napkin, to route data…Read More
Our Advanced PKI Training Course Is Now Online
Now is the time to keep your PKI healthy – now more than ever. The key to operating and maintaining your PKI is understanding how it all works. We all know that PKIs are the foundational backbone of enterprise IT security, IoT, and industry specific security standards. Ensuring the security and integrity of your PKI…Read More
Are You Managing Your Secrets?
Do you know where your organization’s secrets are kept? The modern IT landscape is filled with secrets: certificates, cryptocurrency wallets, SQL connection strings, storage account keys, passwords, and encryption keys. Getting a handle on secrets management can be a top challenge. Knowing where secrets are kept in the company is critical – and sometimes easier…Read More