@[email protected]
31 Followers
81 Following
90 Posts
IAM expert, all about Access
Member of the #IDPro body of knowledge committee

Due to server crash migrated manually from [email protected],space

Netherlands based
#IAM #digitalidentity #identity #infosec
andreApr 15, 2024
Michiel BontenbalApr 15, 2024
A new week, a new #opensource #ai model. WizardLM has published a new model that scores higher than (an old version of) GPT4 on the widely used ‘MT-Bench’ benchmark. Can you imagine that the #os community will bypass big tech in AI???
andreApr 11, 2024
@J12t Windows update is one of the main reasons why I changed to Linux
andreApr 5, 2024
Microsoft is not an advertising company, they will not abuse your consumer rights, they make money from selling software, hardware and services. And from their partners who are abusing your data https://proton.me/blog/outlook-is-microsofts-new-data-collection-service
Outlook is Microsoft’s new data collection service | Proton

The new Outlook now appears to be a data collection service for Microsoft’s 801 external partners for targeted advertising.

Proton
andreMar 15, 2024
Today my latest article for the @[email protected] Body of Knowledge has been published, 'Introduction to Privileged Access Management'.

The article started as a draft that I announced in the IDPro Slack channel and resulted in a number of contributions from other IDPro members. One of the contributors is @[email protected], thanks for the diagrams 👍

And of course, as always, Thank you @sphcow for your efforts making the #bok the reference IAM practitioners need!

Without further ado:
https://bok.idpro.org/article/id/101/

#IAM #PAM #infosec
Introduction to Privileged Access Management

Privileged Access Management (PAM) plays a crucial role in modern cybersecurity. Organizations can significantly enhance their security posture and protect valuable assets by addressing the issues and risks associated with privileged accounts. Implementing a combination of robust policies, technologies, and best practices will help organizations manage the risks effectively while ensuring the availability, integrity, and confidentiality of their systems and data.This article introduces the concepts of managing privileged access and will touch on non-human accounts, including those that are both interactive and non-interactive. It will show that not all privileged access accounts should be treated in the same way. It will explore the scenarios in which PAM solutions can help organizations gain control of privileged access. Different use cases for PAM solutions are explained and illustrated with architecture diagrams. Critically, even when implementing PAM systems, practitioners cannot neglect the human factor (which requires policy, training, and controls). This article concludes with best practices for implementation, adoption considerations, and core guiding principles.

IDPro Body of Knowledge
andreMar 11, 2024
meneerMar 11, 2024

No more rocket science, I'm moving to Post-Quantum encryption any day now...
https://tuta.com/blog/post-quantum-cryptography

@Tutanota
#infosec #cryptography

Tuta Launches Post Quantum Cryptography For Email | Tuta

Tuta Mail enables TutaCrypt, a protocol to exchange messages using quantum-safe encryption.

Tuta
andreMar 8, 2024
Show threadKevin BeaumontMar 8, 2024
If you like this one, here’s another - HSE ransomware attack on Ireland’s healthcare sector: https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf
andreMar 8, 2024
Kevin BeaumontMar 8, 2024

If you like large post incident reviews of major ransomware incidents - there’s only a few of these - the British Library one is out now:

https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf

The long story short is they lacked resiliency, detection capability, and somebody exposed RDP to the internet for remote access for contractors.

Show threadandreFeb 18, 2024
@aral and be ware of putting it in a password...
andreFeb 18, 2024
#IAM #protip:

If you use a #password generator and instruct it to use lower and upper case, numbers and special characters and a fitting length:

make sure that the created password doesn't contain characters that may give confusing results in a keyboard with a dead-key or 'international' key configuration.
Your password will not be recognized by your security service...

(yes, personal experience 🤭)

#infosec
andreFeb 13, 2024
🛡 [email protected]/:~# Feb 13, 2024

"🚨 #RoundCubeUnderSiege - CISA Alerts on Roundcube as a frequent attack vector. 🚨"

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a vulnerability in the RoundCube webmail software. Attackers are leveraging this flaw to execute arbitrary code on vulnerable servers. This Medium vulnerability, identified as CVE-2023-43770 (CVSS score: 6.1), allows attackers XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior on Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 .🔐💻

Tags: #CyberSecurity #CISA #RoundCube #EmailSecurity #VulnerabilityManagement #PatchManagement #ThreatIntelligence #InfoSec

Source: Cisa.gov