CSOonline

‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers

SafeBreach researchers demonstrate how attackers can crash Windows domain controllers and build a botnet using unauthenticated RPC and LDAP vulnerabilities. At DEF CON 33, security researchers ...
Ars Technica

LDAP over SSL and Certifcates for a .local domain

hoping some one has seen this issue and can lend a hand here. I've been tasked with setting up LDAP over SSL (TLS) for a Windows domain controller. This requires an SSL certificate to encrypt LDAP ...
Bleeping Computer

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks

SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. Serv-U can be configured to ...
CSOonline

Critical Windows LDAP flaw could lead to crashed servers, RCE attacks

LDAPNightmare: If December Patch Tuesday server updates have not yet been installed, it’s time to do so to avoid DoS or RCE attacks on Active Directory domain controllers as shown by PoC exploit.
Dark Reading

Unpatched Active Directory Flaw Can Crash Any Microsoft Server

One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack chain and can be used to crash multiple, ...