London Drugs closes all of its pharmacies following ‘cybersecurity incident’

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

WHITEPAPERS

CASE STUDIES

TOOLS

VIEW ALL CYBERSECURITY RESOURCES →

PENETRATION TESTING

APPLICATION SECURITY

VIEW ALL CYBERSECURITY NEWS →

FREQUENTLY ASKED QUESTIONS

Why should we perform penetration testing?

Conducting a penetration test is a critical tool used by companies as part of their cybersecurity risk management strategy. It helps organizations identify and fix the vulnerabilities most likely to be exploited to breach their cybersecurity and offers counter-measures to mitigate the most important risks of facing cybersecurity incidents.

Regular testing can help ensure that your security measures are up-to-date and effective against the latest hacking techniques and cyber threats.

Will your pentest help us meet compliance requirements?

Our penetration tests helps several organizations of all types meet compliance requirements every year by identifying vulnerabilities that need remediation. Once remediation testing is completed, we provide an official attestation confirming that vulnerabilities have been remediated, helping organizations meet compliance requirements efficiently.

How is it conducted? What is the process?

The process is divided in various stages including reconnaissance, scanning, exploitation, and post-exploitation stages to identify vulnerabilities and safely exploit them to determine their full impact. Detailed reports are then provided after testing to help you understand and address discovered issues.

During testing, our experts leverage a combination of manual and automated techniques to simulate exploits and attacks that would be used by hackers in a real-world scenario in accordance with the latest industry standards.

How much does it cost?

The cost of a penetration test can vary significantly depending on the scope of the assessment. For external penetration testing, one of the most significant factors in the price is the number of IP addresses that need to be evaluated. For an application penetration test, the complexity of the app and the number of user roles will directly impact pricing.

Learn more about the main factors that determine the cost of a penetration test →

Quickly receive a free quote with no engagement using our self-quoting tool →

Looking For Additional Information?

Visit our detailed FAQ to learn more or get in touch with a Vumetric expert directly to receive free guidance and advice.

DETAILED FAQ

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

1-877-805-7475

[email protected]

GET STARTED

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Active Directory, Bug, Cloud, Hacker, Microsoft, Microsoft Azure, Password
October 4, 2021

Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks.

“This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory without generating sign-in events in the targeted organization’s tenant,” researchers from Secureworks Counter Threat Unit said in a report published on Wednesday.

Azure Active Directory is Microsoft’s enterprise cloud-based identity and access management solution designed for single sign-on and multi-factor authentication.

The weakness resides in the Seamless Single Sign-On feature that allows employees to automatically sign when using their corporate devices that are connected to enterprise networks without having to enter any passwords.

To achieve this, the mechanism relies on the Kerberos protocol to look up the corresponding user object in Azure AD and issue a ticket-granting ticket, permitting the user to access the resource in question.

Secureworks said it notified Microsoft of the issue on June 29, only for Microsoft to acknowledge the behavior on July 21 as “By design.” We have reached out to the company for further comment, and we will update the story if we hear back.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

London Drugs closes all of its pharmacies following ‘cybersecurity incident’

2024-04-29

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16

Microsoft will limit Exchange Online bulk emails to fight spam

View more cybersecurity news →

Featured Services

Web Application Penetration Testing

External Network Penetration Testing

Internal Network Penetration Testing

Medical Device Penetration Testing

Cloud Infrastructure Penetration Testing

Enterprise
Cybersecurity Audit

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE 2024 3400 would be possible by disabling the devices 8217 telemetry it has now been comfirmed

Read The Article →

Cisco Duo provider breached, SMS MFA logs compromised

Hackers have managed to compromise a telephony provider for Duo the Cisco owned company providing secure access solutions and steal MFA SMS message logs of Duo customers

Read The Article →

Microsoft will limit Exchange Online bulk emails to fight spam

Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2 000 external recipients starting January 2025

Read The Article →

VIEW MORE RECENT NEWS →

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What type of test do you need a quote for?(Required)

External Pentest

Internal Pentest

Web Application Pentest

Mobile Application Pentest

API / Web Service Pentest

Cloud Infra. Pentest

Phishing Simulation

Other Services

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

Looking for more details on how we can help or need guidance to determine the approach best suited for your organization? Plan a virtual meeting with a member of our team to discuss further without any engagement.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What type of test do you need a quote for?(Required)

External Pentest

Internal Pentest

Web Application Pentest

Mobile Application Pentest

API / Web Service Pentest

Cloud Infra. Pentest

Phishing Simulation

Other Services

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

Have a Question?

Got an Urgent Need?

1-877-805-7475

Stay Updated on Cyber Risks

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.

1-877-805-7475

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.

External Penetration Testing

Internal Penetration Testing

Web Application Penetration Testing

Medical Device Penetration Testing

Cloud Security Services

SCADA Cybersecurity Assessment

Cyber Maturity Assessment

Red Team Security Services

Consulting & Professional Services

Compliance Services

Looking For Additional Information?

About Vumetric

Partnership Program

Certifications

PTaaS Platform

Methodologies

Careers

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught

Recent News

Featured Services

The Latest Cybersecurity News

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

USA - HQ

Canada - HQ

Canada - Satellite

BOOK A MEETING

Enter your Email Address

PENETRATION TESTING Buyer's Guide

Everything You Need to Know