The Birth and Death of “LoopyTicket” – Our Story on CVE-2025-33073 研究人员在实验中意外发现Kerberos Reflection攻击漏洞（CVE-2025-33073），通过设置特定DNS记录并结合工具（如PetitPotam和krbrelayx），成功反射认证并获取域控制器的SAM hive。该漏洞利用需满足网络访问、域用户凭证、SMB签名未启用等条件，并可扩展至成员服务器。... 2025-6-27 13:0:0 | 阅读: 87 | 收藏 | GuidePoint Security - www.guidepointsecurity.com htp client loaded dc01 planet

The Cyber Risk-Business Alignment Imperative: Insights from the 2025 State of Cyber Risk Management Report 文章探讨了网络风险管理的重要性，指出成熟策略结合自动化和AI能有效降低风险，并强调数据整合和跨部门沟通对提升组织韧性的作用。... 2025-6-26 11:0:0 | 阅读: 30 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security maturity appetite assessments

Expert Guidance, Real Impact: What the NTAS Advisory Means for Your Organization 中东紧张局势加剧引发网络安全威胁上升，美国Homeland Security发布警告称可能面临报复性网络攻击。专家建议企业加强风险管理、身份认证、云安全和物联网防护等措施以应对潜在威胁。... 2025-6-25 21:11:56 | 阅读: 41 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security guidepoint cloud threats attackers

Why IAM Maturity Still Eludes Most Organizations — And What High Performers Are Doing Differently 文章指出身份和访问管理（IAM）在当前威胁环境中的重要性，尽管投入增加但多数组织仍未能达到成熟水平。研究显示高绩效者采用生物识别、自动化等先进技术，而其他组织则面临资源不足、流程手动化等问题。... 2025-6-25 16:10:0 | 阅读: 40 | 收藏 | GuidePoint Security - www.guidepointsecurity.com performers security investment maturity identities

Identity saw a large push for MFA in 2024, but now that bad actors are stealing credentials, what’s next? 文章指出，随着威胁 actors 的不断进化，传统的多因素认证（MFA）已不足以应对日益复杂的网络攻击。未来的身份安全需要结合自适应认证、无密码方案以及自动化零信任模型来增强防护能力。同时，人工智能在攻击和防御中的应用将改变身份安全的格局。... 2025-6-24 13:0:0 | 阅读: 23 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security attackers adaptive adapt

Future-Proofing Your AWS Security: Expert Insights from Re:Inforce 2025 GuidePoint Security参加了AWS Re:Inforce 2025大会，探讨云安全挑战并分享新技术如Security Hub增强、GuardDuty扩展及AI集成。... 2025-6-23 19:56:24 | 阅读: 29 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security cloud eks guidepoint analyzer

Embracing the Gigawave: Reflections from Zenith Live 2025 文章探讨了人工智能（AI）作为当前时代的核心驱动力及其带来的机遇与风险。强调了零信任架构在保障AI安全中的关键作用，并介绍了Zscaler的相关创新技术及成功案例。... 2025-6-20 13:0:0 | 阅读: 65 | 收藏 | GuidePoint Security - www.guidepointsecurity.com zscaler security era industries securely

Business Resilience Consultant vs. Practitioner: The Value of Collaboration 文章探讨了商业韧性的重要性，并强调顾问与从业者的协作对提升组织应对风险能力的关键作用。顾问提供战略指导和外部视角，而从业者则负责执行和日常管理。两者的结合使组织能够更高效、可持续地实现韧性目标，并在危机中快速响应和持续改进。... 2025-6-18 13:23:40 | 阅读: 18 | 收藏 | GuidePoint Security - www.guidepointsecurity.com resilience consultant consultants

The Simplification Imperative: A CISO’s Survival Guide 文章探讨了2025年网络安全面临的挑战与变革。随着威胁日益复杂化和规模化，CISO的角色从技术把关转向业务战略的关键参与者。文章指出需整合安全架构、利用AI治理、持续威胁狩猎等策略，并强调与高层沟通以将安全转化为业务价值。... 2025-6-17 13:0:0 | 阅读: 21 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security ciso cisos leaders leadership

Operationalizing Cyber Risk Tolerance: From Policy to Practice 文章探讨了如何将网络安全风险容忍度融入组织文化、工作流程和技术中，以提升威胁响应速度和决策效率。通过明确风险容忍度指标、制定升级 playbook 和优化资源分配等方法，组织能够更有效地管理网络安全风险，并在日常运营中实现从理论到实践的转变。... 2025-6-16 13:31:16 | 阅读: 18 | 收藏 | GuidePoint Security - www.guidepointsecurity.com tolerance security thresholds tolerances

Incident Response: Can Your Organization Survive the Next Cyber Crisis? GuidePoint Security推出新的服务IRMA（事件响应成熟度评估），帮助组织衡量和提升其网络安全事件应对能力。该服务通过全面评估组织在预防、检测、响应和恢复方面的表现，提供定制化的成熟度分析和改进计划，助力企业建立更强大、更具韧性的事件响应体系。... 2025-6-10 13:0:0 | 阅读: 25 | 收藏 | GuidePoint Security - www.guidepointsecurity.com maturity irma clarity roadmap resilient

When to Call for Backup: How to Know It’s Time for IR Support 文章探讨了在安全事件中何时应寻求外部支持的重要性。面对复杂威胁如勒索软件或关键系统受损时，引入专业团队可加速响应并减少损失。内部团队需评估自身能力，并提前规划好升级机制和合作伙伴关系。... 2025-6-4 16:0:0 | 阅读: 28 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security containment blake guidepoint consultant

Tabletop to Real World: Turning Incident Response Exercises into Operational Readiness 桌面演练是安全准备的关键步骤,但其价值在于后续改进与持续实践。通过分析问题、更新流程和定期演练,团队能提升响应能力,确保在真实事件中做好准备。... 2025-5-30 16:0:0 | 阅读: 27 | 收藏 | GuidePoint Security - www.guidepointsecurity.com exercises simulations security readiness tabletop

How Mature Is Your Identity and Access Management Program? 身份威胁频发且复杂化，超七成数据泄露源于身份攻击。研究显示多数组织在身份与访问管理（IAM）成熟度上仍显不足，面临手动流程依赖、技术投入不足及资源短缺等挑战。高绩效组织通过采用自动化及先进工具显著提升安全性。建议企业优先投资IAM技术并加强政策整合以应对威胁。... 2025-5-29 11:0:0 | 阅读: 18 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security maturity processes guidepoint pam

You’ve Contained the Threat — What Comes Next? From Recovery to Lessons Learned 文章强调了网络安全事件发生后恢复和后续审查的重要性。通过系统验证、信任重建和持续改进，组织能够从事件中恢复并增强长期弹性。... 2025-5-22 13:0:0 | 阅读: 20 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security restoring restoration containment blake

Navigating Incident Response Documentation 文章介绍了网络安全中的三个关键文档：Incident Response Plan（IRP）、Playbook 和 Runbook。IRP 是战略蓝图，定义整体应对策略；Playbook 提供战术指导；Runbook 提供详细操作步骤。三者协同工作，帮助组织快速响应安全事件、减少损失并适应威胁变化。案例显示完善这些文档可显著提升响应效率和团队信心。... 2025-5-15 13:0:0 | 阅读: 14 | 收藏 | GuidePoint Security - www.guidepointsecurity.com playbooks runbooks playbook strategic ransomware

Bridging the Gap: How a Controls-Focused Cybersecurity Program Aligns SEC Rules with Daily Operations 美国证券交易委员会（SEC）加强网络安全披露规则，要求企业保护数字资产并展示网络安全在业务中的整合。基于控制的策略帮助组织将监管要求转化为日常行动，并通过清晰文档确保合规性和战略执行。... 2025-5-13 13:0:0 | 阅读: 19 | 收藏 | GuidePoint Security - www.guidepointsecurity.com security governance operational regulatory

Interesting Interlock Intrusion: How Interlock Achieves Encryption 本文描述了一起由Interlock勒索软件团伙发起的 ransomware 攻击事件。攻击者通过 SocGholish 恶意软件和 NetSupportRAT 获取目标网络的持久访问权限，并利用 AZCopy 工具将敏感数据外泄至 Azure 云存储。随后部署 Interlock 加密器导致大量文件被加密并生成勒索信息。... 2025-5-8 13:0:0 | 阅读: 21 | 收藏 | GuidePoint Security - www.guidepointsecurity.com roaming 0nenote remote windows

Are You Using CNAPP to Its Full Potential, or Just Paying for It? 文章指出云原生应用保护平台（CNAPP）虽有潜力统一云安全防护，但多数企业仅使用部分功能，导致资源浪费和风险暴露。原因包括缺乏专业知识、培训不足及工具过载等。建议分阶段启用、跨部门协作并设定实际目标以最大化平台价值。... 2025-5-6 13:0:0 | 阅读: 15 | 收藏 | GuidePoint Security - www.guidepointsecurity.com cnapp cloud security enablement guidepoint

The Power of Women in Cybersecurity: Mentorship, Community, and Rising Together 这篇文章探讨了网络安全领域女性面临的挑战与机遇。通过国际妇女节的小组讨论，两位专家分享了如何通过导师制、社区支持和个人品牌建设在该领域取得成功。她们强调技术背景并非唯一途径，并鼓励女性利用行业会议、在线论坛和专业组织扩展人脉。文章旨在激励更多女性进入这一领域，并通过合作促进性别平等。... 2025-5-5 22:30:0 | 阅读: 17 | 收藏 | GuidePoint Security - www.guidepointsecurity.com lauren mentorship peggy guidepoint