Ars Technica

LDAP over SSL and Certifcates for a .local domain

hoping some one has seen this issue and can lend a hand here. I've been tasked with setting up LDAP over SSL (TLS) for a Windows domain controller. This requires an SSL certificate to encrypt LDAP ...
CSOonline

How to fix insecure LDAP binds to prevent exposed Windows admin credentials

Although Microsoft has a permanent fix on the way, it's possible that you're exposing domain admin account credentials in cleartext. Here's how to check for and solve that problem. First the good news ...
CSOonline

‘Win-DDoS’: Researchers unveil botnet technique exploiting Windows domain controllers

SafeBreach researchers demonstrate how attackers can crash Windows domain controllers and build a botnet using unauthenticated RPC and LDAP vulnerabilities. At DEF CON 33, security researchers ...
Dark Reading

Unpatched Active Directory Flaw Can Crash Any Microsoft Server

One of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack chain and can be used to crash multiple, ...
Bleeping Computer

Microsoft: SolarWinds fixes Serv-U bug exploited for Log4j attacks

SolarWinds has patched a new Serv-U vulnerability discovered by Microsoft that threat actors attempted to use to propagate Log4j attacks to internal LDAP servers. Serv-U can be configured to ...