Cyberveille, curated by Decio
6 results tagged AD
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory?is=09685296f9ea1fb2ee0963f2febaeb3a55d8fb1eddbb11ed4bd2da49d711f2c7
24/05/2025 10:27:07
  • Akamai researcher Yuval Gordon discovered a privilege escalation vulnerability in Windows Server 2025 that allows attackers to compromise any user in Active Directory (AD).

  • The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement.

  • This issue likely affects most organizations that rely on AD. In 91% of the environments we examined, we found users outside the domain admins group that had the required permissions to perform this attack.

  • Although Microsoft states they plan to fix this issue in the future, a patch is not currently available. Therefore, organizations need to take other proactive measures to reduce their exposure to this attack. Microsoft has reviewed our findings and approved the publication of this information.

In this blog post, we provide full details of the attack, as well as detection and mitigation strategies.

akamai EN 2025 BadSuccessor dMSA Windows Server AD Vulnerability
Active Directory and Internet exposure on the agenda of the hospital security plan https://www.zdnet.fr/actualites/l-active-directory-et-l-exposition-internet-au-programme-du-plan-de-securisation-des-hopitaux-39965128.htm
25/03/2024 09:04:04

The first two assistance windows of the CaRe IT security reinforcement programme have just opened for healthcare institutions.

ZDNet FR 2024 France health hospitals AD CaRe aid security
Guarding the Bridge: New Attack Vectors in Azure AD Connect https://blog.sygnia.co/guarding-the-bridge-new-attack-vectors-in-azure-ad-connect
04/08/2023 09:41:15

By researching Azure AD Connect components, Sygnia was able to discover several attack vectors for extracting Connector credentials and domain users’ NT hashes, while avoiding common security solutions.

sygnia EN 2023 Azure AD Connect Attack Vectors NT hashes
Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments https://www.cisa.gov/news-events/alerts/2023/03/23/untitled-goose-tool-aids-hunt-and-incident-response-azure-azure-active-directory-and-microsoft-365
25/03/2023 11:12:42

Today, CISA released the Untitled Goose Tool to help network defenders detect potentially malicious activity in Microsoft Azure, Azure Active Directory (AAD), and Microsoft 365 (M365) environments. The Untitled Goose Tool offers novel authentication and data gathering methods for network defenders to use as they interrogate and analyze their Microsoft cloud services. The tool enables users to:

cisa EN 2023 tool AD Azure M365 hunting blueteam check
Meta’s Ad Practices Ruled Illegal Under E.U. Law https://www.nytimes.com/2023/01/04/technology/meta-facebook-eu-gdpr.html
05/01/2023 23:47:40

The decision is one of the most consequential issued under the E.U.’s landmark data-protection law and creates a new business headwind for the social media giant.

nytimes 2023 EN privacy EU Meta Illegal Ad ruling Facebook WhatsApp Ireland GDPR
Google Let Sberbank-Owned RuTarget Harvest User Data for Months https://www.propublica.org/article/google-russia-rutarget-sberbank-sanctions-ukraine
09/07/2022 18:43:48

The internet giant may have provided Sberbank-owned RuTarget with unique mobile phone IDs, IP addresses, location information and details about users’ interests and online activity.

Propublica EN 2022 rutarget harvesting Russia Google ad