Authentication, Performance and SMB

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

Tenable

NOVEMBER 12, 2024

Successful exploitation would lead to the unauthorized disclosure of a user’s NTLMv2 hash, which an attacker could then use to authenticate to the system as the user. For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.

Windows

Windows Software Review Azure Systems Review

CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage

Tenable

OCTOBER 22, 2024

Tenable Research discovered an SMB force-authentication vulnerability in Open Policy Agent (OPA) that is now fixed in the latest release of OPA. This exploration led us to discover an SMB force-authentication vulnerability (CVSSv3 6.1) affecting all existing versions of OPA for Windows at that time.

SMB

SMB Authentication Policies Open Source

It's 2022. Why do you keep using SMB?

Ivanti

MARCH 4, 2022

During the last 25 years, companies have relied on SMB protocol to allow them to collaborate and centralize corporate documents. The history of SMB (and why it's no longer relevant). The latest iteration, SMB 3.1.1, encryption added in SMB3 and implemented a pre-authentication integrity check using?SHA-512?hash.

SMB

SMB LAN Authentication Windows

Webinars

Agent Tooling: Connecting AI to Your Tools, Systems & Data

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

Mastering Apache Airflow® 3.0: What’s New (and What’s Next) for Data Orchestration

MORE WEBINARS

Maximize Your Vulnerability Scan Value with Authenticated Scanning

Tenable

NOVEMBER 30, 2023

Start doing authenticated scanning. Performing authenticated scans of your environment offers essential benefits and is a practice widely recognized as valuable. The scan configurations we observe in Tenable’s SaaS products are telling: our customers run unauthenticated scans 20 times more than authenticated ones.

Authentication

Authentication Software Review SMB Systems Review

From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

Tenable

OCTOBER 22, 2024

CVE-2017-0144: Windows SMB Remote Code Execution Vulnerability EternalBlue Remote Code Execution Exploited Network WannaCry NotPetya High 2017 Why it’s significant: CVE-2017-0144 was discovered by the National Security Agency (NSA) and leaked by a hacker group known as Shadow Brokers, making it widely accessible. and Medusa adopted it.

Software Review

Software Review Windows Groups Network

Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)

Tenable

SEPTEMBER 10, 2024

Active Directory Lightweight Directory Services Administrative Tools Internet Explorer 11 Internet Information ServicesWorld Wide Web Services LPD Print Service Microsoft Message Queue (MSMQ) Server Core MSMQ HTTP Support MultiPoint Connector SMB 1.0/CIFS Advanced Services ASP.NET 4.6 This vulnerability was assigned a CVSSv3 score of 7.3

Windows

Windows Azure Authentication SMB

MSPs are the Holy Grail for Cybercriminals! Are You Protected?

Kaseya

SEPTEMBER 9, 2019

MSPs hold the keys to the kingdom when it comes to data access and, while a typical day won’t involve leaping from trains to protect it like the fictional professor, they still need to take action to keep themselves and their SMB customers safe. They can also jump from a partner or SMB customer over to you! Island Hopping.

SMB

SMB Training Machine Learning Artificial Inteligence

5 Ways to Protect Scanning Credentials for Windows Hosts

Tenable

MAY 8, 2020

In my last post , I covered general best practices for protecting credentials when performing network assessments. Usually, accounts used for remote administrative authentication, like Nessus performs, don’t need to behave like a standard user account. Secure SMB protocols. Enforce SMB signing.

Windows

Windows SMB Authentication Network

Build RAG-based generative AI applications in AWS using Amazon FSx for NetApp ONTAP with Amazon Bedrock

AWS Machine Learning - AI

SEPTEMBER 17, 2024

An OpenSearch Serverless vector search collection provides a scalable and high-performance similarity search capability. We use an Amazon Elastic Compute Cloud (Amazon EC2) Windows server as an SMB/CIFS client to the FSx for ONTAP volume and configure data sharing and ACLs for the SMB shares in the volume.

Generative AI

Generative AI AWS Applications Serverless

Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)

Tenable

MARCH 8, 2022

Windows SMB Server. An authenticated user can exploit this vulnerability to execute arbitrary code on an affected server. While an attacker must be authenticated to exploit this vulnerability, Microsoft strongly recommends patching or applying the suggested workarounds as soon as possible. Windows Media. Windows PDEV.

Windows

Windows Authentication SMB .Net

Examining the Treat Landscape

Tenable

OCTOBER 29, 2021

We’ll explore how attackers: achieve initial access, elevate privileges, compromise Active Directory and perform remote code execution. These IABs perform the initial breach of diverse targets and sell that access for a fee. Specifically, CISA has warned of the TrickBot malware and BlackMatter ransomware abusing SMB.

SMB

SMB Software Review Minimum Viable Product Systems Review

Palo Alto Networks Recognized in Critical Capabilities Report

Palo Alto Networks

MAY 22, 2023

We received the highest scores out of all vendors in the Enterprise Edge and Distributed Enterprise use cases, and second highest scores in the Enterprise Data Center and SMB use cases. This is specifically targeted for the Enterprise Data Center, with up to 2x the performance of the previous generation PA-5200 Series.

Network

Network Report Firewall Data Center

Challenges and Checklists While Migrating COTS Application to Cloud

Dzone - DevOps

MARCH 13, 2023

Verify that SaaS offering support required integration with existing interfaces as well as user accessibility (authentication/authorization) and security. File-Based Integration — The existing and target configuration of file share depends on the protocol supported (SMB, NFS, DFS, etc.)

Applications

Applications Cloud Off-The-Shelf SMB

Our impressions from Apple’s 2019 Worldwide Developer Conference (WWDC)

Ivanti

JUNE 26, 2019

In addition, Device Enrollment with ABM will allow iOS 13 and macOS Catalina devices to authenticate using modern authentication through an Identity Provider (IdP), and will even support Multi-Factor Authentication (MFA). . In doing so, your macOS and your apps will perform just as they did prior to the update.

Conference

Conference Development Systems Review Storage

Running the OpenTelemetry Collector in Azure Container Apps

Honeycomb

SEPTEMBER 14, 2022

There are tons of other benefits that come with Container Apps, like built-in Authentication, and SSL termination. For this post, we won’t be using Authentication. We’ll cover securing the infrastructure in VNETs and providing authentication for the frontend app flows later. enabled-protocols SMB. quota 1024.

Azure

Azure Storage SMB Groups

Running the OpenTelemetry Collector in Azure Container Apps

Honeycomb

SEPTEMBER 14, 2022

There are tons of other benefits that come with Container Apps, like built-in Authentication, and SSL termination. For this post, we won’t be using Authentication. We’ll cover securing the infrastructure in VNETs and providing authentication for the frontend app flows later. enabled-protocols SMB. quota 1024.

Azure

Azure Storage SMB Groups

Slack Patches Download Hijack Vulnerability in Windows Desktop App

Tenable

MAY 17, 2019

This download path can be an attacker-owned SMB share, which would cause all future documents downloaded in Slack to be instantly uploaded to the attacker's server. Attack scenarios: The attack can be performed through any Slack direct messaging or Slack channel to which an attacker might be authenticated.

Windows

Windows SMB Authentication Malware

CISA Directive 22-01: How Tenable Can Help You Find and Fix Known Exploited Vulnerabilities

Tenable

NOVEMBER 10, 2021

From a network scan perspective, fully authenticated assessments are a key part of that process as they provide up to 45 times more findings and insight than uncredentialed assessments (assessments by Nessus Agent are authenticated in terms of plugin coverage). Assessment - “Perform thorough tests” to On.

Systems Review

Systems Review Software Review Authentication Policies

50 Best HIPAA-Compliant Cloud Storage Solutions

Datica

SEPTEMBER 11, 2019

This high performance and easy-to-use block storage solution is often used with the Amazon Elastic Compute Cloud for transaction-intensive workloads and high throughput. Performance for any workload. You can also use Amazon FSx as a standalone high-performance file system to burst all workloads from on-premise to cloud.

Storage

Storage Cloud Backup Disaster Recovery

IT Risk Assessment: Is Your Plan Up to Scratch?

Kaseya

DECEMBER 7, 2021

Cost control: Performing regular risk assessments will also let you know where to cut costs and where to concentrate resources. Performing IT risk assessments can ensure your infrastructure and processes are always in compliance with the laws. How often should you perform IT risk assessments? .

Backup

Backup Disaster Recovery Weak Development Team Systems Review

PHP vs. Python: How to Choose the Right Programming Language

Mobilunity

JANUARY 2, 2025

Over the years, it has significantly changed and developed, having gained features that improve performance and security. In web app development, Python offers frameworks such as FastAPI and Flask for assembling high-performance APIs with built-in validation and asynchronous support. Constant relevance.

PHP

PHP Programming Weak Development Team Technical Review

Atlanta Technology Startup Ecosystem: Venture Capital Providers, Educational Programs and Rising Stars to Learn From

Altexsoft

APRIL 7, 2020

Pindrop is voice recognition and anti-fraudster software provider from Atlanta which allows integrating authentication solutions to call centers. It provides software to allow users to create lists of marketing and sales leads or perform advanced searches right from the browser.

Technical Review

Technical Review Education Programming Security

CTO Universe

Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)

CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage

Webinars

Trending Sources

It's 2022. Why do you keep using SMB?

Webinars

Maximize Your Vulnerability Scan Value with Authenticated Scanning

From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25

Microsoft’s September 2024 Patch Tuesday Addresses 79 CVEs (CVE-2024-43491)

MSPs are the Holy Grail for Cybercriminals! Are You Protected?

5 Ways to Protect Scanning Credentials for Windows Hosts

Build RAG-based generative AI applications in AWS using Amazon FSx for NetApp ONTAP with Amazon Bedrock

Microsoft’s March 2022 Patch Tuesday Addresses 71 CVEs (CVE-2022-23277, CVE-2022-24508)

Examining the Treat Landscape

Palo Alto Networks Recognized in Critical Capabilities Report

Challenges and Checklists While Migrating COTS Application to Cloud

Our impressions from Apple’s 2019 Worldwide Developer Conference (WWDC)

Running the OpenTelemetry Collector in Azure Container Apps

Running the OpenTelemetry Collector in Azure Container Apps

Slack Patches Download Hijack Vulnerability in Windows Desktop App

CISA Directive 22-01: How Tenable Can Help You Find and Fix Known Exploited Vulnerabilities

50 Best HIPAA-Compliant Cloud Storage Solutions

IT Risk Assessment: Is Your Plan Up to Scratch?

PHP vs. Python: How to Choose the Right Programming Language

Atlanta Technology Startup Ecosystem: Venture Capital Providers, Educational Programs and Rising Stars to Learn From

Stay Connected