All news with #pam tag

Addressing Password Management Challenges to Protect Data

🔒 Enterprises and SMBs have invested heavily in authentication and IAM, but those controls are only as strong as password management. Compromised credentials remain a leading cause of breaches while the average employee manages over 100 accounts, creating operational and compliance burdens. Dedicated password managers can cut support costs by up to 80% and lower incident rates, but success requires strong user adoption and integration with SSO, MFA, LDAP/AD and privileged access systems.

Active Directory Under Siege: Risks in Hybrid Environments

🔐 Active Directory remains the critical authentication backbone for most enterprises, and its growing complexity across on‑premises and cloud hybrids has expanded attackers' opportunities. The article highlights common AD techniques — Golden Ticket, DCSync, and Kerberoasting — and frequent vulnerabilities such as weak and reused passwords, lingering service accounts, and poor visibility. It recommends layered defenses: strong password hygiene, privileged access management, zero‑trust conditional access, continuous monitoring, and rapid patching. The piece stresses that AD security is continuous and highlights solutions that block compromised credentials in real time.

CrowdStrike Named Overall Leader in 2025 ITDR Compass

🔒 CrowdStrike has been named the Overall Leader in the 2025 KuppingerCole Leadership Compass for Identity Threat Detection and Response, achieving top placement across Product, Innovation, Market, and Overall Ranking. The report cites Falcon Next-Gen Identity Security for its cloud-native design, AI/ML-driven detections, behavioral analytics, and automated identity-centric response. KuppingerCole highlights unified visibility across Active Directory, Entra ID, Okta, Ping, AWS IAM and SaaS via Falcon Shield, and notes deep integrations with XDR, SIEM, SOAR, IdP, IGA, PAM, and ITSM to accelerate detection and remediation for human, non-human, and AI agent identities.

Privileged Account Monitoring and Protection Guide Overview

🔐 This article outlines Mandiant's practical framework for securing privileged access across modern enterprise and cloud environments. It emphasizes a three-pillar approach—Prevention, Detection, and Response—and details controls such as PAM, PAWs, JIT/JEA, MFA, secrets rotation, and tiered access. The post highlights detection engineering, high-fidelity session capture, and SOAR automation to reduce dwell time and blast radius, and concludes with incident response guidance including enterprise password rotations and protected recovery paths.

Harden Identity Defense: Richer Context and Correlation

🔒Microsoft outlines expanded Identity Threat Detection and Response (ITDR) capabilities designed for modern, hybrid environments. The post highlights general availability of unified identity and endpoint sensors, broad on‑premises sensors for Domain Controllers, AD FS, and AD CS, and native integration with Microsoft Entra ID. It emphasizes an identity‑centric approach that correlates accounts across platforms, integrates with PAM, and links identity signals into Defender XDR to enable contextualized alerts, coordinated response, and automatic attack disruption across devices and sessions.

Replace Short Complex Passwords with Longer Passphrases

🔒Modern guidance favors long, memorable passphrases over short, complex passwords. Length provides far more effective entropy than symbol substitution, making offline brute-force attacks exponentially harder for attackers using modern GPU rigs. Passphrases lower helpdesk resets, discourage insecure reuse, and align with NIST recommendations. Implement by raising minimum length, dropping forced complexity, and blocking compromised credentials in real time.

Passwork 7: Unified On-Premises Password and Secrets

🔐 Passwork 7 is an on‑premises unified platform that consolidates password and secrets management with a redesigned interface and reworked core workflows to improve usability and security. The update introduces hierarchical vaults, custom vault types, role‑based access, and comprehensive logging, plus API, Python connector, CLI and Docker support for DevOps automation. Built on a zero‑knowledge AES‑256 model with MongoDB storage and ISO 27001 certification, it targets organizations needing centralized, compliant credential control.

Manufacturing Disruptions from Targeted Cyberattacks

⚠️Recent cyberattacks forced production halts at Jaguar Land Rover and Asahi, underscoring that operational disruption is now a primary objective for threat actors. JLR paused production after an August 31 compromise attributed to the Scattered Lapsus$ Hunters group, reportedly using vishing to obtain credentials, while Asahi halted orders and shipments following a systems failure. Experts emphasize that attackers exploit phishing, unpatched systems, and supply‑chain weaknesses, and urge layered defenses such as zero trust, MFA, PAM, micro‑segmentation, continuous monitoring, and air‑gapped backups to preserve business continuity.

CrowdStrike Advances Next-Gen Identity Security Innovations

🔐 CrowdStrike announced three enhancements to Falcon Next‑Gen Identity Security: FalconID, expanded privileged access controls, and identity‑driven case management. FalconID delivers FIDO2-based, phishing-resistant passwordless MFA via the Falcon for Mobile app, combining Bluetooth proximity checks with contextual telemetry to block credential phishing, MFA fatigue, and session hijacking. Privileged access updates add just-in-time workflows, Microsoft Teams request/revoke, Fusion SOAR automation, and hybrid coverage including local systems (early access). Identity-driven case management integrates identity detections into Falcon Next‑Gen SIEM and automates analyst response (generally available).

Onboarding Attacks: When Fake Hires Become Insider Threats

🔐 Attackers are increasingly bypassing email defenses by infiltrating organizations through the hiring process, as in the 'Jordan' example where a bogus hire gained broad access on day one. Remote recruiting, AI-generated profiles and deepfakes have turned identity into the new perimeter, undermining traditional vetting. Adopting zero standing privileges—with JIT/JEP, strict baselines and comprehensive auditing—and tools such as BeyondTrust Entitle can remove persistent access and automate time‑bound, auditable privilege grants.

Falcon Next-Gen Identity Security Unifies Protection

🔒 CrowdStrike announced Falcon Next-Gen Identity Security, a unified solution to protect human, non-human, and AI agent identities across on-premises, cloud, and SaaS environments. It consolidates initial access prevention, modern secure privileged access, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection into a single sensor and management console. Delivered via the AI-native Falcon platform, the offering provides real-time visibility, dynamic access enforcement, and autonomous response to reduce identity-driven breaches and simplify hybrid identity security.

BadSuccessor: dMSA Privilege Escalation in Windows Server

🔒 Unit 42 details BadSuccessor, a critical post-Windows Server 2025 attack vector that abuses delegated Managed Service Accounts (dMSAs) to escalate privileges in Active Directory. The write-up explains how attackers who can create or modify dMSAs may set msDS-ManagedAccountPrecededByLink and msDS-DelegatedMSAState to impersonate superseded accounts and obtain elevated rights. It provides practical detection guidance using Windows Security auditing and offers hunting queries and mitigation recommendations. Palo Alto Networks solutions such as Cortex XDR and XSIAM are highlighted as able to detect this activity when auditing is enabled.

Twitter Whistleblower Alleges Major Security Failures

🔍 An 84-page whistleblower complaint from former Twitter head of security Peiter “Mudge” Zatko alleges systemic security and privacy failings at the company, including excessive staff access, unpatched servers, and potential foreign-agent infiltration. Zatko says these issues violate a 2010 FTC order and pose a national security risk. Twitter calls him a disgruntled ex-employee and says many issues are addressed. Congressional inquiries have already begun.