All news with #least privilege tag

Preparing for the Digital Battlefield of Identity Risk

🔒 BeyondTrust's 2026 predictions argue that the next major breaches will stem from unmanaged identity debt rather than simple phishing. The report highlights three identity-driven threats: agentic AI acting as privileged deputies vulnerable to prompt manipulation, automated "account poisoning" in financial systems, and long-dormant "ghost" identities surfacing in legacy IAM. The authors recommend an identity-first posture with strict least-privilege, context-aware controls, real-time auditing, and stronger identity governance.

Top IAM Vendors for Zero Trust and Identity Security

🔑 Identity is becoming the new perimeter as organizations accelerate the move to Zero Trust, making robust Identity & Access Management essential for secure access and continuity. This roundup examines leading IAM vendors and highlights capabilities in IGA, PAM, IDaaS, CIEM and risk-based authentication. Profiles cover strengths, pricing and integration trade-offs for vendors including CyberArk, Okta, Microsoft Entra ID, SailPoint, Avatier and BeyondTrust to help CISOs match products to requirements.

Why Threat Actors Succeed and How Defenders Respond

🔍 The Unit 42 2025 Incident Response analysis explains that attackers exploit complexity, visibility gaps and excessive trust to succeed against organizations of all sizes. The report notes almost a third of incidents were cloud-related, IAM failures appeared in 41% of cases and attackers often moved within an hour, causing outsized disruption and cost. The recommended response is to consolidate telemetry into an integrated platform like Cortex, extend protection into cloud with Cortex Cloud, secure browser activity with Prisma Browser, and engage Unit 42 for advisory and retainer services.

Amazon Connect Introduces Granular Recording Permissions

🔒 Amazon Connect now offers granular UI permissions for conversation recordings and transcripts, enabling administrators to control access to playback, copying and downloads separately. Administrators can allow users to listen to calls while preventing transcript copying, and set download rules that permit redacted recordings but block unredacted downloads. The capability supports complex scenarios where sensitive conversations remain redacted while other interactions remain fully available.

Four Bottlenecks Slowing Enterprise GenAI Adoption

🔒 Since ChatGPT’s 2022 debut, enterprises have rapidly launched GenAI pilots but struggle to convert experimentation into measurable value — only 3 of 37 pilots succeed. The article identifies four critical bottlenecks: security & data privacy, observability, evaluation & migration readiness, and secure business integration. It recommends targeted controls such as confidential compute, fine‑grained agent permissions, distributed tracing and replay environments, continuous evaluation pipelines and dual‑run migrations, plus policy‑aware integrations and impact analytics to move pilots into reliable production.

CloudWatch Database Insights Adds Tag-Based Access Control

🔐 Amazon CloudWatch Database Insights now supports tag-based access control for database-level and per-query metrics powered by RDS Performance Insights. Instance tags defined on RDS and Aurora are now automatically evaluated to authorize Performance Insights metrics, enabling IAM policies to use tag-based access conditions across logical groups of databases. This reduces manual, resource-level permission management and improves governance and security consistency. The feature is available in all AWS regions where Database Insights is offered.

Hardening Customer Support Tools to Prevent Lateral Attacks

🔐 Microsoft Deputy CISO Raji Dani outlines the importance of hardening customer support tools and identities to reduce the risk of lateral movement and data exposure. The post recommends dedicated, isolated support identities protected by Privileged Role MFA and strict device controls. It advocates case-based RBAC with just-in-time and just-enough access, minimizing service-to-service trust, and deploying robust telemetry to speed detection and response. These layered controls apply to in-house teams and third-party providers.

MAESTRO Framework: Securing Generative and Agentic AI

🔒 MAESTRO, introduced by the Cloud Security Alliance in 2025, is a layered framework to secure generative and agentic AI in regulated environments such as banking. It defines seven interdependent layers—from Foundation Models to the Agent Ecosystem—and prescribes minimum viable controls, operational responsibilities and observability practices to mitigate systemic risks. MAESTRO is intended to complement existing standards like MITRE, OWASP, NIST and ISO while focusing on outcomes and cross-agent interactions.

Amazon ECS: Run Firelens Logging Containers Non-Root

🔒 Amazon Elastic Container Service (Amazon ECS) now lets you run Firelens containers as a non-root user by specifying a numeric user ID in the user field of your Task Definition. Running Firelens as non-root reduces the potential attack surface and helps meet security and compliance requirements, including checks surfaced by AWS Security Hub. This capability replaces the previous default of "user": "0" and is available in all AWS Regions. See the Firelens documentation for configuration details.

Capita Fined £14m Over 2023 Data Breach Failings, Remediated

🔒 The Information Commissioner’s Office (ICO) confirmed Capita will not appeal a £14m penalty for security failings that led to a March 2023 breach affecting nearly seven million people. The fine was reduced from an initial £45m after the ICO considered post-incident remediation, support to affected individuals and engagement with the NCSC. The regulator cited delayed SOC response, absence of a tiered privileged-access model and siloed pen testing that allowed a threat actor linked to Black Basta to escalate privileges and deploy ransomware.

When Agentic AI Joins Teams: Hidden Security Shifts

🤖 Organizations are rapidly adopting agentic AI that does more than suggest actions—it opens tickets, calls APIs, and even remediates incidents autonomously. These agents differ from traditional Non-Human Identities because they reason, chain steps, and adapt across systems, making attribution and oversight harder. The author from Token Security recommends named ownership, on‑behalf tracing, and conservative, time‑limited permissions to curb shadow AI risks.

Strengthening Access Controls to Prevent Ransomware

🔐 Ransomware intrusions increasingly begin with compromised identities: recent analyses attribute roughly three quarters of incidents to stolen or misused credentials. Defenses must shift from infrastructure-centric controls to identity-first models like Zero Trust, combining RBAC, MFA and context-aware authentication. Adaptive, risk-based access and passwordless methods reduce friction while improving detection and auditability. Regulatory regimes such as NIS2 and DORA further mandate auditable access controls.

Closing the Cloud Security Gap: Key Findings 2025 Report

🔒 The 2025 Unit 42 Global Incident Response Report shows that nearly a third of incidents investigated in 2024 were cloud-related, with 21% of cases directly impacting cloud assets. The article stresses the importance of the shared responsibility model and full, dynamic visibility to manage resource sprawl, misconfigurations and complex cloud-native architectures. It highlights identity misuse and overpermissioned accounts as frequent attack vectors and urges least privilege, credential rotation and robust logging. Palo Alto Networks recommends unified posture and response through Cortex Cloud and integration with Cortex XSIAM to reduce noise and automate remediation.

Cloud and Application Security: Awareness Best Practices

🔐 The 2025 State of Cloud Security Report from Fortinet and Cybersecurity Insiders highlights how accelerating cloud adoption and a widespread cybersecurity skills shortage are expanding organizational risk across SaaS, APIs, and hybrid environments. Many incidents result from human error — misconfigurations, exposed APIs, and overprivileged accounts — rather than sophisticated targeted attacks. The post recommends five practical measures, including embracing shared responsibility, enforcing MFA and least privilege, integrating security into CI/CD, automating configuration management, and monitoring SaaS and APIs, and stresses that tools must be paired with user awareness and cultural change.

Simplifying Zero Trust Contractor Access with Secure Browser

🔒 A secure enterprise browser provides a practical, cost-efficient Zero Trust approach to managing contractor access, reducing reliance on complex VPNs and broad network privileges. By isolating sessions and enforcing granular policies per user and resource, organizations can grant contractors only the access required for their role. This reduces attack surface, simplifies administration, and lowers operational costs while supporting both short-term and long-term engagements.

Case for Multidomain Visibility and Unified Response in SOCs

🔍 The 2025 Unit 42 Global Incident Response Report shows that 84% of investigated incidents involved activity across multiple attack fronts and 70% spanned at least three vectors, underscoring coordinated, multidomain campaigns. Attackers move laterally across cloud, SaaS, IT and OT, exploiting identities, misconfigurations and vulnerabilities. The report recommends unified telemetry, AI-driven behavioral analytics and stronger identity controls to improve detection and accelerate response.

AWS Transfer Family Adds Four New IAM Condition Keys

🔒 AWS has added four service-specific IAM condition keys for AWS Transfer Family, enabling administrators to write more granular policies and SCPs. These keys let you constrain server protocols, endpoint types, and storage domains at request time. For example, use transfer:RequestServerEndpointType to block public servers or transfer:RequestServerProtocols to allow only SFTP. The keys are available in all Regions where the service is offered.

Security Hardening Essentials for Resource-Constrained SMBs

🔒 Security hardening boosts protection for organizations, especially SMBs, by reducing their attack surface without large additional investments. Key measures include strong authentication and authorization—enforcing strict passwords, multifactor authentication, least-privilege access and network access controls—alongside timely patching, data encryption and segmented, tested backups. Regular staff training, account audits and permission reviews complete a practical, low-cost defense posture.

Agentic AI: A Looming Enterprise Security Crisis — Governance

⚠️ Many organizations are moving too quickly into agentic AI and risk major security failures unless boards embed governance and security from day one. The article argues that the shift from AI giving answers to AI taking actions changes the control surface to identity, privilege and oversight, and that most programs lack cross‑functional accountability. It recommends forming an Agentic Governance Council, defining measurable objectives and building zero trust guardrails, and highlights Prisma AIRS as a platform approach to restore visibility and control.

One Weak Password Topples 158-Year-Old Transport Firm

🔒 KNP Logistics Group, a 158-year-old UK transport firm, collapsed after the Akira ransomware group accessed an employee account by guessing a weak password. Attackers bypassed protections by targeting an internet-facing account without MFA, deployed ransomware across the estate, and destroyed backups, halting operations across 500 trucks and precipitating administration and 700 job losses. The incident underscores the urgent need for strong password policies, MFA, and isolated, tested backups.