All news with #service accounts tag

Agentic AI Expands Identity Attack Surface Risks for Orgs

🔐 Rubrik Zero Labs warns that the rise of agentic AI has created a widening gap between an expanding identity attack surface and organizations’ ability to recover from compromises. Their report, Identity Crisis: Understanding & Building Resilience Against Identity-Driven Threats, finds 89% of organizations have integrated AI agents and estimates NHIs outnumber humans roughly 82:1. The authors call for comprehensive identity resilience—beyond traditional IAM—emphasizing zero trust, least privilege, and lifecycle control for non-human identities.

Kerberoasting in 2025: Protecting Service Accounts

🔒 Kerberoasting remains a persistent threat to Active Directory environments, enabling attackers to request service tickets for SPNs and crack their password hashes offline to escalate privileges. Adversaries use freely available tools like GetUserSPNs.py and Rubeus to extract tickets tied to service accounts, then perform offline brute-force attacks against the ticket encryption. Mitigations recommended include regular AD password audits, using gMSAs with auto-managed long passwords, preferring AES over RC4, enforcing non-reusable 25+ character passwords with rotation, and deploying MFA and robust password policies.

Practical Guide to Google Cloud Parameter Manager Overview

🔒 Google Cloud's Parameter Manager centralizes application configuration to avoid hard-coded credentials and fragile config files, supporting validated JSON and YAML payloads as well as arbitrary unformatted data. It integrates with Secret Manager using a __REF__ syntax to keep confidential values separate and uses versioned, immutable parameter versions to prevent accidental changes. The post walks through storing an API key in Secret Manager, granting the Parameter Manager IAM principal access, and calling renderParameterVersion from a Node backend. A sample React/Node weather app demonstrates runtime configuration, fallback dummy data, and advanced patterns such as regional parameters and feature rollouts.

Hardening Customer Support Tools to Prevent Lateral Attacks

🔐 Microsoft Deputy CISO Raji Dani outlines the importance of hardening customer support tools and identities to reduce the risk of lateral movement and data exposure. The post recommends dedicated, isolated support identities protected by Privileged Role MFA and strict device controls. It advocates case-based RBAC with just-in-time and just-enough access, minimizing service-to-service trust, and deploying robust telemetry to speed detection and response. These layered controls apply to in-house teams and third-party providers.

When Agentic AI Joins Teams: Hidden Security Shifts

🤖 Organizations are rapidly adopting agentic AI that does more than suggest actions—it opens tickets, calls APIs, and even remediates incidents autonomously. These agents differ from traditional Non-Human Identities because they reason, chain steps, and adapt across systems, making attribution and oversight harder. The author from Token Security recommends named ownership, on‑behalf tracing, and conservative, time‑limited permissions to curb shadow AI risks.

Securing the Agentic Era: Astrix's Agent Control Plane

🔒 Astrix introduces the industry's first Agent Control Plane (ACP) to enable secure-by-design deployment of autonomous AI agents across the enterprise. ACP issues short-lived, precisely scoped credentials and enforces just-in-time, least-privilege access while centralizing inventory and activity trails. The platform streamlines policy-driven approvals for developers, speeds audits for security teams, and reduces compliance and operational risk by discovering non-human identities (NHIs) and remediating excessive privileges in real time.

Shadow AI Agents Multiply Rapidly — Detection and Control

⚠️ Shadow AI Agents are proliferating inside enterprises as developers, business units, and cloud platforms spin up non-human identities and automated workflows without security oversight. These agents can impersonate trusted users, exfiltrate data across boundaries, and generate invisible attack surfaces tied to unknown NHIs. The webinar panel delivers a pragmatic playbook for detecting, governing, and remediating rogue agents while preserving innovation.

MURKY PANDA: Trusted-Relationship Cloud Threats and TTPs

🔒 Since late 2024 CrowdStrike's Counter Adversary Operations has tracked MURKY PANDA, a China‑nexus actor targeting government, technology, academic, legal and professional services in North America. The group exploits internet‑facing appliances, rapidly weaponizes n‑day and zero‑day flaws, and deploys web shells (including Neo‑reGeorg) and the Golang RAT CloudedHope. CrowdStrike recommends auditing Entra ID service principals and activity, enabling Microsoft Graph logging, hunting for anomalous service principal sign‑ins, prioritizing patching of cloud and edge devices, and leveraging Falcon detection and SIEM capabilities.

CrowdStrike Named Leader in GigaOm SSPM Radar 2025

🔒 CrowdStrike has been named the only Leader and Outperformer in the 2025 GigaOm Radar for SaaS Security Posture Management (SSPM). The recognition highlights the CrowdStrike Falcon platform's unified, AI-native approach—combining Falcon Shield, identity protection and cloud security—to detect and remediate misconfigurations, identity threats, and unauthorized SaaS access. Falcon Shield's extensive integrations, automated policy responses via Falcon Fusion SOAR, and GenAI-focused controls underpin its market-leading posture and support continuous visibility across human and non-human identities.

BadSuccessor: dMSA Privilege Escalation in Windows Server

🔒 Unit 42 details BadSuccessor, a critical post-Windows Server 2025 attack vector that abuses delegated Managed Service Accounts (dMSAs) to escalate privileges in Active Directory. The write-up explains how attackers who can create or modify dMSAs may set msDS-ManagedAccountPrecededByLink and msDS-DelegatedMSAState to impersonate superseded accounts and obtain elevated rights. It provides practical detection guidance using Windows Security auditing and offers hunting queries and mitigation recommendations. Palo Alto Networks solutions such as Cortex XDR and XSIAM are highlighted as able to detect this activity when auditing is enabled.