privilege – Page 3 – Experimental News Clipping Site

Simon Willison’s Weblog: Chromium Docs: The Rule Of 2

Aug 11, 2025

—

by

Source URL: https://simonwillison.net/2025/Aug/11/the-rule-of-2/ Source: Simon Willison’s Weblog Title: Chromium Docs: The Rule Of 2 Feedly Summary: Chromium Docs: The Rule Of 2 Alex Russell pointed me to this principle in the Chromium security documentation as similar to my description of the lethal trifecta. First added in 2019, the Chromium guideline states: When you write code…

Cisco Talos Blog: ReVault! When your SoC turns against you… deep dive edition

Aug 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… deep dive edition Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. AI Summary and Description: Yes **Summary:** The text conducts an in-depth analysis…

The Register: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’

Aug 7, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/08/07/microsoft_cisa_warn_yet_another/ Source: The Register Title: Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’ Feedly Summary: No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange…

Microsoft Security Blog: Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/06/sharing-practical-guidance-launching-microsoft-secure-future-initiative-sfi-patterns-and-practices/ Source: Microsoft Security Blog Title: Sharing practical guidance: Launching Microsoft Secure Future Initiative (SFI) patterns and practices Feedly Summary: We’re excited to launch SFI patterns and practices: a new library of actionable guidance designed to help organizations implement security measures at scale. This launch marks a next step in our journey to…

Unit 42: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory

Aug 6, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://unit42.paloaltonetworks.com/badsuccessor-attack-vector/ Source: Unit 42 Title: When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory Feedly Summary: BadSuccessor is an attack vector in Windows Server 2025. Under certain conditions it allows privilege elevation via dMSAs. We analyze its mechanics. The post When Good Accounts Go Bad: Exploiting Delegated Managed Service…

Cisco Talos Blog: ReVault! When your SoC turns against you…

Aug 5, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you/ Source: Cisco Talos Blog Title: ReVault! When your SoC turns against you… Feedly Summary: Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. AI Summary and Description: Yes **Summary:** The report details significant vulnerabilities discovered in Dell’s ControlVault3…

Microsoft Security Blog: Microsoft Entra Suite delivers 131% ROI by unifying identity and network access

Aug 4, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/08/04/microsoft-entra-suite-delivers-131-roi-by-unifying-identity-and-network-access/ Source: Microsoft Security Blog Title: Microsoft Entra Suite delivers 131% ROI by unifying identity and network access Feedly Summary: According to a new Forrester Total Economic Impact™ study, organizations using the Microsoft Entra Suite achieved a 131% ROI, $14.4 million in benefits, and payback in less than six months. The post Microsoft…

Scott Logic: Automated permissions testing with AWS IAM Policy Simulator

Aug 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.scottlogic.com/2025/08/01/automated-iam-policy-simulator-testing.html Source: Scott Logic Title: Automated permissions testing with AWS IAM Policy Simulator Feedly Summary: A quick guide to implementing a test framework for IAM permissions using the AWS IAM Policy Simulator API and a tiny hack. AI Summary and Description: Yes Summary: The provided text extensively discusses a workaround for using AWS…

Tag: privilege