Privileged access management

Google Cloud's Threat Horizons report found weak or absent passwords leading as the access method most commonly exploited by threat actors, accounting for 46% of initial breaches.

The flaw enabled authentication bypass by spoofing, with a proof-of-concept exploit available.

After leveraging a vulnerability and the privilege escalation tools PsExec and JuicyPotato to gain SYSTEM access on targeted devices, Andariel stealthily established a low-privilege local user before altering the Security Account Manager registry to facilitate RID hijacking, a report from AhnLab Security Intelligence Center showed.

Such a vulnerability is slightly more severe in configurations involving single-factor authentication with user-managed AuthFile, as well as the utilization of pam-u2f for single-factor authentication with other Pluggable Authentication Modules, compared with scenarios involving 2FA with a centrally managed AuthFile.

After establishing an updated inventory of self-hosted apps within a network, Orchid leverages LLM analytics with optimal reasoning and code recognition capabilities for identity control and authentication evaluations that consider cybersecurity framework compliance, according to the firm.

Trelica's cloud service specializes in identifying shadow IT applications -- software-as-a-service tools deployed without IT approval -- by analyzing logs from internal systems.

Hybrid environments face challenges when using legacy IAM platforms. Here’s how a modern IAM solution and best identity-management practices can strengthen your security posture.

An attacker with local access can grab admin credentials from active memory prior to deletion.