Kevin BeaumontPAM provider Delinea, aka Thycotic, had a quiet 5 hour long disruption due to a security incident.
They now have maintenance running for their Secret Server product.
“An endpoint containing a security concern has been identified.”
HT to @matdef
The So What is Delinea Secret Server holds user and system account credentials for orgs, it’s like CyberArk.
Delinea have published IoCs for a security incident in Delinea Secret Server Cloud aka Thycotic. It’s behind a paywall. It’s a vulnerability in their SOAP implementation. No CVE has been assigned, presumably because cloud service. #threatintel
Émilio Gonzalez@GossiTheDog not affecting on-prem?
MatDef@res260 @GossiTheDog On prem is affected: https://support.delinea.com/s/article/KB-010572-How-do-I-remediate-Secret-Server-in-reference-to-the-Secret-Server-SOAP-vulnerability
Edit: just realized that it's the same link as above, but can confirm that it contains mitigation instructions.
faebudo@matdef @res260 @GossiTheDog
There is some information in their "trust" center: https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
There is some information in their "trust" center: https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3