More than 1,000 security employees in as many as 17 countries participated in the survey. Most said the biggest hurdle to mounting an adequate defense against cyber threats today is the lack of skilled personnel. (Poor security awareness and an inability to sift through enormous piles of data tied for second place.)

The survey, which included 1,200 respondents working in 19 industries, was compiled by CyberEdge Group, a research and marketing firm serving high-tech vendors and service providers.

More interesting is the feedback collected from respondents who said their organizations were infected with ransomware in the last year. (Ransomware tied with phishing attacks for the second most crucial security concern; the first, as per usual, is malware.)

Slightly more than half of the respondents’ organizations that actually paid a ransom to recover stolen or encrypted data—either in Bitcoin or some other anonymous currency—were unable to recover their data. In total, the report says, a little under 39 percent of the organizations resolved to pay.

“Flip a coin once to determine whether your organization will be affected by ransomware,” CyberEdge suggests. “If it will be, flip it again to determine whether paying the ransom will actually get your data back.”

Source: Major Survey of IT Pros Reveals Why Everything Gets Hacked All the Damn Time

On a Samba 4 AD DC the LDAP server in all versions of Samba from
4.0.0 onwards incorrectly validates permissions to modify passwords
over LDAP allowing authenticated users to change any other users'
passwords, including administrative users and privileged service
accounts (eg Domain Controllers).

The LDAP server incorrectly validates certain LDAP password
modifications against the "Change Password" privilege, but then
performs a password reset operation.

Source: Samba – Security Announcement Archive