Blog

Active Directory SID History Injection Attacks
Learn how hackers use Active Directory SID History injection to gain admin access undetected, why monitoring tools miss it, and how to defend against this threat.

Microsoft Entra ID P2: Features, Pricing & P1 vs P2
Compare Microsoft Entra ID P2 and P1, explore advanced features, understand pricing, and learn how to address security gaps in hybrid identity environments.

Hybrid Identity Management in Active Directory
Learn to protect your Active Directory and cloud environments from threats like lateral attacks, credential theft, and misconfigurations with proven security strategies.

Cayosoft Recognized in 2026 Gartner® Market Guide for Microsoft 365 Governance Tools
Cayosoft is recognized in 2026 Gartner® Market Guide for Microsoft 365 Governance Tools. Learn more.

The PetitPotam Identity Attack Vector Explained
Learn how PetitPotam exploits NTLM authentication to compromise Active Directory, why traditional security fails, and how real-time monitoring stops it.

Kerberos RC4 Hardening: What Microsoft’s CVE-2026-20833 Update Really Means For Active Directory Admins
Microsoft is ending Kerberos RC4 support. Get the timeline, registry fixes, and AES migration steps to avoid outages.

Active Directory MFA: Security Playbook for Hybrid Environments
Active Directory MFA fails at gaps, not during setup. Learn how attackers bypass MFA in hybrid AD and Entra ID environments.

LDAP vs. Active Directory: Key Differences
Learn the critical differences between LDAP protocols and Active Directory services and how to protect against vulnerabilities in hybrid environments.

Securing Active Directory in 2026
Learn essential steps for securing Active Directory in 2026. Discover how Cayosoft enhances protection and speeds up recovery.

Guardian Instant Forest Recovery Now Supports WORM Storage for Azure and AWS
Breached credentials? Spot exposed AD & Entra ID accounts fast with Cayosoft Guardian + HIBP. Verified alerts, less noise, faster action.

Constrained Delegation: Security and Implementation
Learn how constrained delegation works in Active Directory, implement it securely, and protect your environment from delegation-based attacks.

Microsoft Teams Governance Best Practices in 2026
Discover essential Microsoft Teams governance strategies and best practices for 2025. Learn how to implement effective policies, secure data, and automate management.

Identity Governance and Administration: The Keys to Security in 2026
Discover how identity governance and administration strengthen security in 2026. Learn about essential components, essential tools, and best practices for effective access management.

Active Directory Setup Guide: Key Steps for 2026
Discover essential steps and best practices for active directory setup. Learn about security policies, compliance requirements, and management solutions.

Active Directory Hardening Best Practices for 2026
Discover comprehensive Active Directory hardening strategies for 2026, including security controls, monitoring tools, and automation solutions to protect your AD infrastructure effectively.

Closing the Loop on Breached Credentials: How Cayosoft and HIBP Strengthen Hybrid Identity Resilience
Breached credentials? Spot exposed AD & Entra ID accounts fast with Cayosoft Guardian + HIBP. Verified alerts, less noise, faster action.

How to Prevent Man-in-the-Middle Attack
Discover how to enhance Active Directory security through GPO password policy optimization. Learn best practices, implementation tips, and advanced techniques for robust password management.

Entra ID vs Active Directory: Key Differences
Learn the critical differences between Entra ID and Active Directory, including architecture, authentication, and how to manage hybrid environments.

Active Directory Attacks: All You Need to Know in 2026
Discover essential prevention methods, detection techniques, and recovery solutions to defend against Active Directory attacks in 2025.

Cayosoft Named in the Gartner® ITDR Research: “Enhance Cybersecurity and Resiliency by Extending the Discipline of ITDR.”
Cayosoft recognized in Gartner ITDR research for identity recovery. See how Cayosoft enables rapid AD & Entra ID restoration in minutes.

AI and Identity Security in 2025: What Ignite Really Changed
AI is becoming deeply embedded in how organizations operate, and identity is now at the center of that shift. After Ignite 2025, identity security is no longer just a foundational IT function. It is the control plane for how AI interacts with people, systems, and data.

Active Directory Delegation Best Practices
Learn proven Active Directory delegation strategies to enhance security, reduce administrative burden, and maintain least privilege access across your Microsoft environment.

Office 365 Security: Best Practices for IT Pros
Discover essential Office 365 security best practices to protect your digital workspace. Learn key strategies for safeguarding data and mitigating threats in the cloud.

Active Directory Freeware: How to Protect in Real Time
Learn how real-time Active Directory freeware protects hybrid Microsoft environments from threats that static scanners miss.

Essential HIPAA Disaster Recovery Plan Requirements
Learn essential HIPAA disaster recovery plan requirements, compliance strategies, and best practices to protect healthcare data and maintain operations during disruptions.

How to Detect and Prevent Identity-Based Attacks
Learn how to detect identity-based attacks, recognize common threats like credential theft and privilege escalation, and protect your infrastructure.

Office 365 Data Loss Prevention: How to Secure Your Business
Discover essential strategies for implementing Office 365 data loss prevention to safeguard sensitive information, prevent data breaches, and ensure compliance.

Microsoft Teams HIPAA Compliance: 5 Critical Factors
Learn how service principal names work in Active Directory and how to manage SPNs securely, troubleshoot authentication issues, and protect against vulnerabilities.

Introducing Guardian Protector
Stop blind spots in AD, Entra ID & M365. Get free real-time threat detection, live change monitoring, and a community-backed threat library.

Service Principal Name Manual for Active Directory Security
Learn how service principal names work in Active Directory and how to manage SPNs securely, troubleshoot authentication issues, and protect against vulnerabilities.

Privilege Elevation: Security Risks & Management Guide
Learn how privilege elevation attacks threaten enterprise security and how to implement effective delegation management frameworks to protect your infrastructure.

Force AD Replication: A Complete Manual to Active Directory Sync
Learn how to force AD replication using command line tools and GUI methods. This complete guide includes step-by-step instructions for Active Directory sync.

When AD Recovery Failure is Not An Option
Active Directory downtime can cost millions and destroy trust. Learn why traditional backups fail, the hidden risks of reinfection, and how to ensure instant, trusted AD recovery that keeps your business running.

HIPAA Audit Log Requirements: A Complete Manual
This complete guide to HIPAA audit log requirements for 2025 will help you learn essential logging practices, implementation strategies, and compliance best practices for healthcare organizations.

Certificate-Based Authentication: Security Manual for Entra ID
Learn how to secure certificate-based authentication in Entra ID environments, detect attack vectors, and implement defense strategies against misconfigurations.

Zerologon Vulnerability: The Critical AD Exploit Explained
Learn how the Zerologon vulnerability (CVE-2020-1472) exploits Active Directory cryptographic flaws, including attack methods and essential protection strategies.

Pass the Ticket Attack: Active Directory’s Hidden Danger
Protect your Active Directory from the Pass the Ticket attack. Learn the mechanics, devastating impact, and defense strategies to safeguard your organization.

How to Protect Active Directory from a Kerberoasting Attack
Kerberoasting Attack: Learn how to protect your Active Directory from this silent, but potent threat. Discover detection, prevention, and mitigation strategies.

Identity Security Posture Management: What You Need to Know
Learn what identity security posture management is, how it addresses security challenges, and the implementation steps you can take for stronger identity protection.

Golden Ticket Attack: How To Protect Your Active Directory
Discover how Golden Ticket attacks silently threaten Active Directory, granting hackers unrestricted access. Learn how to protect your network and recover your network in case of attack.

Beyond Access: How Healthcare IT Can Cut Costs, Shrink Attack Surfaces, and Protect Patient Data with Smart Automation
In healthcare, behind every login is a nurse, a physician, and—most importantly—a patient in need. When identity systems fail, care delivery comes to a halt. That reality has been underscored by recent breaches, where stolen credentials, dormant admin accounts, and lateral movement across hybrid systems have caused not just IT outages, but also treatment delays, patient diversions, and canceled surgeries.

Making the Most of Your Microsoft Ignite 2025 Experience
Check out this complete guide to Microsoft Ignite 2025 at the Moscone Center in San Francisco. Get tips for sessions, networking, and accommodation to maximize your experience.

Cayosoft Administrator 12.3.1: Smarter Scopes, Safer Administration
The latest release of Cayosoft Administrator provides enhanced control, flexibility, and protection for your hybrid Microsoft management workflows.

Reimagining Hybrid Identity Security with ISRM built around the evolution of ITDR+R
Identity Resilience Surface Management (IRSM) boosts hybrid identity security across AD, Entra ID, Intune, and M365 with a full-stack ITDR+R approach.

MFA Fatigue Attacks: How They Work and Prevention Strategies
Learn how MFA fatigue attacks exploit authentication weaknesses and discover proven strategies to protect your organization from these threats.

Forest Recovery in Active Directory: Are You Prepared?
Master Active Directory forest recovery and understand the critical forest vs. domain distinction to safeguard your environment from outages.

DHS Releases Over $100M in Cybersecurity Grants—Here’s What It Means for Public Sector Identity Protection
On August 1, 2025, the U.S. Department of Homeland Security (DHS), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and FEMA, announced more than $100 million in new funding to support cybersecurity improvements across state, local, and tribal governments.

ITDR Solutions: How to Detect and Block Identity Threats
A complete guide to ITDR solutions for identity threat detection and response. Learn key features, benefits, and implementation strategies.

Spot the Intruder Before the Breach: New Honey Account Detections in Cayosoft Guardian Audit & Restore
Detect intrusions early with honey account detection in Cayosoft Guardian. Get real-time alerts on brute-force, Kerberos, and AD reconnaissance attacks.

Downtime Is Dangerous: Why Identity Resilience is Now Mission-Critical for Healthcare
In healthcare, downtime is more than a technical inconvenience—it’s a patient safety issue. When clinicians can’t access EHR systems, when prescriptions are delayed, or when admissions grind to a halt, the consequences can be fatal.

Protecting Active Directory Against Pass-the-Hash Attacks
Don’t let Pass-the-Hash attacks compromise your Active Directory. Learn the best detection and prevention strategies to protect your organization.

Microsoft Teams: The New Playground for Social Engineering and Ransomware Attacks!
Microsoft Teams ransomware exploits trusted chats to bypass defenses. Learn how social engineering turns Teams into a threat playground & how to fight back.

A New SharePoint Flaw Is an Identity Crisis in Disguise
CVE-2025-49704 landed with a thud in Microsoft’s security feed this week. On the surface, it appears to be “just another SharePoint bug.” In reality, it’s a front door into the most critical layer of your business: identity.

The CIO’s Manual to Identity Threat Detection and Response (ITDR)
Learn ITDR strategies for CIOs to protect enterprise identities with threat detection and response systems that go beyond traditional security approaches.

Active Directory Forest Recovery: A Manual for IT Teams
Learn key strategies and best practices for forest recovery implementation, including automated solutions and validation steps for optimal directory restoration.

Security Group vs. Distribution Group: Key Differences Explained
Learn the key differences between security groups and distribution groups in Active Directory, their specific use cases, and best practices for efficient management.

Microsoft’s Intune Baseline Rollback Bug: What IT Leaders Need To Know
Microsoft’s Intune Baseline rollback bug silently deleted security configs during baseline upgrades. Discover how to identify these subtle changes.

Cayosoft Guardian Audit & Restore vs. Quest Change Auditor
Learn how Cayosoft Guardian outperforms older solutions like Quest Change Auditor and why many teams are making the switch.

What is Mimikatz? A Security Guide for Organizations
What is Mimikatz? This security guide unveils the secrets of this credential theft tool, how it threatens Active Directory, and how to protect against it.

Understanding ESC1 Active Directory Attacks
A deep dive into ESC1 attacks: technical mechanics, attack vectors, and essential prevention strategies to protect your Active Directory infrastructure.

AdminSDHolder: A Critical Active Directory Security Guide
Learn how AdminSDHolder protects privileged Active Directory accounts, understand potential security risks, and implement robust safeguards for your AD infrastructure.

NTLM Relay Attack Prevention: A Checklist for Active Directory Security
TL;DR Active Directory environments face severe risks from an NTLM relay attack, which exploits the lack of mutual authentication in legacy protocols to intercept credentials and gain unauthorized network access. Organizations can mitigate these vulnerabilities by phasing out NTLM in favor of Kerberos, enforcing SMB signing, and implementing strict privilege

New in Cayosoft Guardian Audit & Restore: Password Hash Analysis to Detect Breached Passwords
Discover the top five privileged access management best practices to strengthen your security posture, reduce risks, and protect critical digital assets across your enterprise.

Top 5 Privileged Access Management Best Practices
Discover the top five privileged access management best practices to strengthen your security posture, reduce risks, and protect critical digital assets across your enterprise.

Digital Forensics and Incident Response: Real-Time Security
Learn how digital forensics and incident response strategies can protect your organization from costly ransomware attacks while optimizing security resources.

How to Maximize IT Efficiency with Active Directory Automation
Discover how Active Directory automation streamlines IT operations, enhances security, and boosts efficiency. Learn key features and benefits.

The Essential Guide to Entra ID Certificate Management
Discover comprehensive strategies for Entra ID certificate management in 2025, including best practices, security enhancements, and automated solutions.

Rogue Domain Controllers: Strategies for Detection & Prevention
Discover comprehensive strategies to detect and prevent rogue domain controller attacks in Active Directory environments.

Enterprise Access Model: Microsoft’s Security Strategy
Discover how the enterprise access model enhances security through tiered infrastructure, privileged access management, and advanced monitoring.

Understanding SMB Vulnerabilities: Security Risks & Prevention
Discover critical SMB protocol vulnerabilities and learn effective strategies to protect your network infrastructure with comprehensive security measures.

Active Directory Forest Recovery – Four Pillar Framework
Discover the Four Pillars of Active Directory Forest recovery. Learn how proactive strategies and Zero Trust principles ensure secure, hybrid-ready AD forest recovery.

How to Configure Entra ID Password Policy
Discover essential guidelines for configuring and managing Entra ID password policies. Learn best practices, NIST standards, and security measures.

Understanding Active Directory Attributes: A Complete Guide
Discover essential Active Directory attributes for user data management. Learn key functions, best practices, and tips to optimize your directory infrastructure.

Understanding NTDS.DIT: Active Directory’s Critical Database
Discover essential strategies for managing and protecting the ntds.dit file, including performance optimization, backup practices, and advanced recovery solutions.

Resource-Based Constrained Delegation: Risks Explained
Discover how resource-based constrained delegation works, its security implications, and essential preventive measures to protect your Active Directory environment.

DCshadow Attack: Understanding and Preventing This AD Threat
Learn about DCshadow attacks, their technical mechanics, and how to protect your Active Directory installation. Discover effective detection methods and prevention strategies for this threat.

Enhanced Windows LAPS Password View and Management
Introduction In our commitment to provide robust Active Directory, Entra ID, and M365 security, monitoring, and recovery, Cayosoft Guardian is rolling out new features designed to make your security processes more streamlined and secure. With the latest update, we’re introducing modern LAPS management capabilities directly in the product. Feature Highlights

Active Directory Administrative Center: Streamlining AD Management
Discover how the Active Directory Administrative Center streamlines AD management. Learn key features, compare ADAC with ADUC, and explore advanced solutions for efficient operations.

GPO Password Policy: Boosting Active Directory Security
Discover how to enhance Active Directory security through GPO password policy optimization. Learn best practices, implementation tips, and advanced techniques for robust password management.

Active Directory OU: Optimizing Organizational Structure
Learn how to optimize Active Directory OUs for improved security, efficiency, and management. Explore best practices, tools, and strategies.

Understanding the Critical Role of the KRBTGT Account in Security
Explore the critical role of the KRBTGT account in Active Directory security. Learn best practices for management, threat detection, and advanced protection strategies.

Insider Threat Prevention: How to Safeguard Your Organization
Discover comprehensive insider threat prevention strategies, including risk assessments, robust policies, and advanced solutions to safeguard your organization.

Enhanced Security and Deployment with gMSA and AD Connector
In our commitment to provide robust Active Directory, Entra ID, and M365 security, monitoring, and recovery, Cayosoft Guardian is rolling out new features designed to make your security processes more streamlined and secure. With the latest update, we’re introducing Group Managed Service Account (gMSA) integration and the AD Connector feature,

Active Directory Logs: Essential Guide for IT Professionals
Discover the power of Active Directory logs for enhanced security and management. Learn how to leverage, analyze, and interpret log data for optimal IT operations.

Password Hash Synchronization: How to Ensure Secure and Easy Access
Explore how password hash synchronization enhances secure and seamless access across on-premises and cloud environments, including benefits, challenges, and best practices.

Active Directory Security Best Practices: Key NSA Guidelines
Most global businesses run hybrid AD environments, and following active directory security best practices is critical when combining on-premises and cloud services to secure both Active Directory (AD) and Microsoft Entra ID (formerly Azure AD). Both systems manage identity and access control, making them prime targets for attackers aiming to

How to Protect AD with Fine-Grained Password Policy
Fine-Grained Password Policy (FGPP) solutions improve security for Service and Tier 0 accounts by applying customized password policies to different user groups in Active Directory, enhancing compliance and protection without compromising usability.

K-12 Ransomware Protection: Securing Schools’ AD & Entra ID
K-12 schools increasingly rely on digital services and key infrastructure such as Active Directory and Entra ID for authentication and access to support education services. We continue to see an increase in schools being targeted by ransomware groups and falling victim to ransomware attacks, putting sensitive data and education services

Qilin Ransomware: How to Detect & Protect Against This Exploit
Qilin ransomware has emerged as a significant threat to organizations, particularly those relying heavily on Active Directory for managing their IT infrastructure. Qilin ransomware has adopted a new method for stealing credentials from Google Chrome browsers by leveraging Active Directory Group Policy. In this guide, we will explore how Qilin

FSMO Roles: The Hidden Key to Resilient Active Directory
At the heart of every well-functioning Active Directory (AD) environment lies a set of unsung heroes: Flexible Single Master Operation (FSMO) roles. These specialized roles hold the keys to your AD’s resilience, stability, and recoverability. While they may not be the most glamorous aspect of AD management, understanding and safeguarding

Mastering Microsoft 365 Governance: Active Directory Guide
TL;DR Effective Microsoft 365 governance relies on strategic Active Directory management to secure user identities, enforce role-based access control, and automate the user lifecycle in hybrid environments. By utilizing automation and centralized reporting, organizations can mitigate security risks, streamline administrative tasks, and maintain strict regulatory compliance across all group types.

Prevent & Detect VMware ESXI Vulnerability CVE-2024-37085 with Cayosoft Threat Detection
CVE-2024-37085 is an authentication bypass vulnerability in VMware ESXi currently being exploited by ransomware groups. This blog will review the background of the exploit and how to leverage Cayosoft Guardian to scan for potential indicators of compromise and proactively defend against future attacks. The short video below also provides

Managing Active Directory in a Zero Trust World
Applying a Zero Trust strategy to Active Directory management reduces your identity threat landscape, enhances access controls and segmentation, enforces just-in-time access, and improves monitoring and incident response. Overall, this approach strengthens your identity platform and makes it more resilient. In this blog, learn how Zero Trust strategy and principles

Securing Active Directory Against DCSync Attacks
DCSync attacks remain a persistent threat to Active Directory (AD) security. These attacks cleverly exploit normal AD replication processes, allowing hackers to secretly extract sensitive password hashes. This access can pave the way for widespread exploits across your network. Given the prevalence of DCSync attacks, IT professionals must be equipped

Surviving LockBit: How to Protect Your Organization
Don’t wait to be a victim. Protect your organization from LockBit ransomware. Learn about prevention, detection, and response strategies.

Active Directory Best Practices for Management in 2026
TL;DR Modern organizations must prioritize Active Directory best practices by transitioning from manual management to automated workflows to mitigate risks like human error and sophisticated cyberattacks. Implementing strategies such as the principle of least privilege, automated user lifecycle management, and continuous auditing ensures a secure and resilient IT infrastructure. In

Top 4 Security Measures Against Silver Ticket Attacks
Learn how to safeguard your network from silver ticket attacks with top security measures and expert advice on Active Directory protection.

Securing SYSVOL: Threats, Protection, and Recovery
What is SYSVOL and Why is it Important? For many IT professionals, the system volume (SYSVOL) might seem like just another shared folder. However, if not properly protected, it represents a critical security vulnerability within every Active Directory domain controller. SYSVOL stores the essential files and scripts that govern user

Active Directory Software: Top 7 Enterprise Requirements
Understanding the Complexities of Enterprise IT Security The Microsoft Digital Defense Report reveals a concerning trend: 93% of Microsoft’s ransomware incident response engagements uncovered insufficient controls on privilege access and lateral movement. This illustrates that companies need to strengthen their user management and security in 2024. The growing trend underlines

Active Directory Authentication Explained
Getting Smart with Active Directory Authentication Let’s talk about Active Directory authentication, a key player in your IT environment’s security. In simple terms, it’s like the main gatekeeper of your organization’s IT environment, deciding who gets in and what they can do. This isn’t just about keeping bad guys out,

Active Directory Cleanup: Top 8 Best Practices
TL;DR Regular Active Directory cleanup optimizes system performance and strengthens security by removing obsolete objects, inactive accounts, and unoptimized Group Policy Objects. Implementing automated monitoring and metadata maintenance ensures long-term regulatory compliance while reducing the risks associated with unauthorized access and replication errors. Top Best Practices for Optimal Performance |

Are You Taking Active Directory Forest Recovery Serious Enough? Recent Survey Says No
Peer Survey Highlights: Active Directory Forest Recovery Needs Attention Cayosoft recently sponsored a survey on Active Directory (AD) forest recovery, in partnership with Petri.com, the IT Knowledgebase. Over 1,000 IT professionals were surveyed, uncovering some interesting findings. Below are a few highlights. To learn more, check out the full

Active Directory Schema: Essentials & Backup Strategy
Understanding Active Directory Schema Before we dive into the backup, let’s clear up what an Active Directory schema is. Simply put, the Active Directory schema is a set of definitions that outline what kinds of objects and information about those objects can be stored in Active Directory. Think of it

It All Starts with the User: Active Directory User Management vs. Security
Active Directory User Management Imagine yourself overseeing a large online system, where each action affects your IT infrastructure. Welcome to the world of Active Directory user management – a domain where precision meets strategy, and the right tool can turn a challenging task into a streamlined process. In this domain,

Why You Need to Recover Active Directory Forest
Essential Considerations to Recover Your Active Directory Forest Active Directory isn’t just a part of your IT infrastructure, it’s the forgotten central hub that keeps everything running smoothly. But with great power comes great responsibility – and vulnerability. It’s a primary target for attackers and any disruption will send ripple

Enhancing IT Agility with Automated User Provisioning in Active Directory
Understanding Automated User Provisioning in Active Directory In the world of IT, manual management of user provisioning and deprovisioning feels as outdated as a floppy disk. Just imagine trying to juggle countless user profiles across diverse on-premise and cloud environments—it’s a logistical nightmare. Enter the era of automated user provisioning

Predicting the Unpredictable: Crafting Your Active Directory Disaster Recovery Plan
Explore the Importance of an Active Directory Recovery Plan Active Directory is the heart of many enterprises, tying together users, permissions, and vital services. When disaster strikes, whether it’s a cyberattack or a technical malfunction, the impact can be immense. That’s why an Active Directory disaster recovery plan isn’t just

Selecting the Right Tools to Manage Active Directory in 2024
How to Choose the Best Tools to Manage Active Directory In the changing world of IT management, choosing the right tools to manage Active Directory is very important. Active Directory is the main system for managing identities and access in your organization. It needs a strong solution that simplifies operations,

Peer Survey: Impact, Vulnerability, and Costs to Recover Active Directory Forests
Recover Your Active Directory Forest – Examining the Critical Impacts A couple years ago, Cayosoft commissioned a survey of 200 technology leaders to better understand the impacts and costs when recovering an Active Directory. We wanted to revisit this research, examine the answers, and see the differences between now and

Active Directory Disaster Recovery: How Confident Are You in Your AD Forest Recovery?
Is Your Active Directory Disaster Recovery Reliable? Will Your AD Forest Recovery Work When You Need It? If you are responsible for managing your organization’s Active Directory (AD) environment you understand how important it is to minimize downtime, protect against data loss, and ensure business continuity during an AD outage,

Is it Time for your Microsoft Enterprise Agreement Renewal?
Resources to Optimize Microsoft 365 (Formerly Office 365) License Management and Reduce Costs For organizations with 500 or more users or devices, that want a more manageable volume licensing program, the Microsoft Enterprise Agreement (EA) provides the ability to buy cloud services and software licenses under one agreement. These enterprise agreements are

Active Directory and Microsoft 365 Account Provisioning And User Lifecycle Management: Hidden Costs and Recommendations
At its core, user provisioning is a process that makes sure that user accounts are created, given the most appropriate level of permissions and managed moving forward across an enterprise. Keep in mind, however, that these days most Microsoft environments, in particular, are hybrid, meaning that they have both on-premises

Mednax Improves Hybrid Microsoft 365 Security and Administrative Efficiency: A Cayosoft Customer Story
After moving to a hybrid Microsoft Office 365 environment, the IT team at Mednax began looking for a management solution to help the organization securely manage the environment. “We also considered how we could empower other groups within Mednax, such as the security team and the help desk, and keep

Connect with Cayosoft at Gartner Security and Risk Management Summit
Join Us at the Gartner Security and Risk Management Summit Cayosoft is proud to be a sponsor for Gartner Security and Risk Management Summit 2022. IT and security professionals will come together to explore and share the latest trends in cybersecurity, IT threat mitigation, and new initiatives to safeguard their

Understanding IAM: Everything You Need to Know About the Components of Identity and Access Management
Discover the Essential Components of Identity and Access Management Beginning in 2021, the second Tuesday of April is Identity Management Day. As a joint venture between the Identity Defined Security Alliance (IDSA) and the National Cybersecurity Alliance (NCA), Identity Management Day was created to raise awareness and educate business leaders,

Senate Passes Cybersecurity Act: Orgs to Report Cyberattacks & Ransom Payments
The Senate on Tuesday passed major cybersecurity legislation, moving one step closer toward forcing critical infrastructure companies to report cyberattacks and ransomware payments. The passage comes as federal officials have repeatedly warned of the potential for Russian cyberattacks against the United States amid the escalating conflict in Ukraine. The legislation,

Azure AD Connect: New Update
New Azure AD Connect Version 2.0.91.0 Released This week, Microsoft released an updated version of Azure AD Connect. This new version provides compliance of the Azure AD Connect Health component with the Federal Information Processing Standards (FIPS) requirements. Keep track and understand all the versions that have been released —

‘Wormable’ Flaw Leads January 2022 Patch Tuesday
Microsoft Releases Over 100 Updates in Patch Tuesday for January 2022 The January security updates from the Redmond-based software giant cover security defects in a wide range of default Windows OS components, including a critical flaw in the HTTP Protocol Stack (http.sys) that Microsoft describes as “wormable,” and another code

ManageEngine Zero-Day Flaw Actively Being Exploited
FBI Warns: APT Groups Exploiting Critical Vulnerability in ManageEngine Software Earlier this month, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory highlighting a newly discovered vulnerability being actively exploited in ManageEngine ServiceDesk Plus, owned by Zoho Corp, an IT help desk and asset management software.

FBI & CISA Warning: ManageEngine Flaw Poses Serious Risk
APT Actors Exploit Vulnerability in ManageEngine ADSelfService Plus Reports confirm a critical security vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on (SSO) tool for Active Directory environments, is actively being exploited. This newly discovered vulnerability, CVE-2021-40539, presents a critical authentication bypass risk that affects REST API

Credentials for Nearly 500,000 Fortinet VPN Users Leaked
Hackers Leak Passwords for Fortinet VPN Servers A list with nearly half a million Fortinet VPN user credentials, allegedly scraped from unprotected devices, is now being shared on hacker forums across the dark web. On Tuesday, a threat actor known as “Orange”, thought to be a member of the popular

New Microsoft Vulnerability, MSHTML RCE, Under Active Attack
Microsoft Alerts of New Zero-Day Flaw in Windows Microsoft released a security alert yesterday announcing a newly discovered remote code execution (RCE) flaw in MSHTML that is currently being exploited. MSHTML, also known as Trident, is a component used as a browser rendering engine for Microsoft Office documents.

New Pricing for Microsoft 365
New Commercial List Pricing for Office 365 Microsoft announced changes to their commercial pricing for Microsoft 365—the first substantive pricing update since the launch of Office 365 a decade ago. Microsoft says that this updated pricing reflects the increased value they have delivered to their customers over the past 10

New Find: Windows 365 Exposes Microsoft Azure Credentials In Plaintext
Windows 365 credentials can be dumped in plaintext On August 2nd, 2021, Microsoft launched their Windows 365 cloud-based desktop service, allowing users to rent Cloud PCs and access them via remote desktop clients or a browser. One of the lucky few who could get a free trial was Benjamin Delpy,

Thank Your SysAdmins – It’s System Administrator Appreciation Day!
Happy System Administrator Appreciation Day! System Administrator Appreciation Day, also known as SysAdmin Day, is an event created by System Administrator, Ted Kekatos. It all started when Kekatos saw a magazine advertisement in which a System Administrator was presented with flowers and fruit-baskets by grateful co-workers as thanks for installing

3rd Windows Print Spooler Critical Vulnerability Detected
Windows PrintNightmare Vulnerabilities & Exploits Continue At the end of June and earlier this month, Microsoft released a security update regarding a Windows Print Spooler critical vulnerability, now being called PrintNightmare. Their original guidance, CVE-2021-1675, was quickly met with backlash as patches released by Microsoft were reported to not fix

Microsoft Discovers New SolarWinds Flaw Under Attack
Microsoft Uncovers Remote Code Execution (RCE) Vulnerability & Zero-Day Exploit of SolarWinds Serv-U Product Microsoft recently alerted software company SolarWinds to a newly uncovered vulnerability, providing proof of concept to the company last week. It was found in the SolarWinds Serv-U product, in two IT management utilities used to manage remote

Thousands, Possibly Millions, of Businesses Affected by Latest Ransomware Attack
Kaseya Platform Targeted in Large-Scale Global Ransomware Attack Over the holiday weekend, notorious cybercrime group, REvil, successfully launched a ransomware attack targeting Managed Service Providers (MSPs). This unprecedented hack triggered an infection chain compromising a massive, global supply chain, with reports showing at least 1,000 businesses over 17 countries being