After leveraging a vulnerability and the privilege escalation tools PsExec and JuicyPotato to gain SYSTEM access on targeted devices, Andariel stealthily established a low-privilege local user before altering the Security Account Manager registry to facilitate RID hijacking, a report from AhnLab Security Intelligence Center showed.
Such a vulnerability is slightly more severe in configurations involving single-factor authentication with user-managed AuthFile, as well as the utilization of pam-u2f for single-factor authentication with other Pluggable Authentication Modules, compared with scenarios involving 2FA with a centrally managed AuthFile.
After establishing an updated inventory of self-hosted apps within a network, Orchid leverages LLM analytics with optimal reasoning and code recognition capabilities for identity control and authentication evaluations that consider cybersecurity framework compliance, according to the firm.
Trelica's cloud service specializes in identifying shadow IT applications -- software-as-a-service tools deployed without IT approval -- by analyzing logs from internal systems.
Hybrid environments face challenges when using legacy IAM platforms. Here’s how a modern IAM solution and best identity-management practices can strengthen your security posture.
In this episode, we’re joined by Tammy Klotz, a 3x CISO in the manufacturing industry, to explore identity security challenges in manufacturing environments. Tammy discusses the differences in access management for frontline workers versus knowledge workers, touching on the unique devices and role-based training requirements. Tune in to learn how t...
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
