Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

November 19, 2024 at 07:49AM

Organizations must evolve their approach to Privileged Access Management (PAM) by prioritizing security over merely managing access. With advanced cyber threats emerging, adopting a proactive strategy that includes continuous monitoring, real-time threat response, and robust security controls is essential to effectively protect privileged accounts and sensitive systems.

### Meeting Takeaways: …

OPA for Windows Vulnerability Exposes NTLM Hashes

October 22, 2024 at 05:31PM

Organizations using Open Policy Agent (OPA) for Windows should update to v0.68.0 or later to address a vulnerability (CVE-2024-8260) that exposes user credentials via improper input validation. This flaw allows attackers to exploit authentication processes, highlighting the risks linked to using open-source software.

### Meeting Takeaways:

1. **Update Recommendation**: – …

NIST Drops Password Complexity, Mandatory Reset Rules

September 26, 2024 at 08:32AM

NIST’s latest password guidelines (SP 800-63-4) no longer recommend using a mix of character types or regular password changes. They suggest CSPs stop mandating specific password types and periodic changes, and reduce knowledge-based authentication usage. The new guidelines stress a minimum 15-character length, allowing up to 64 characters, and incorporating …