CIRCLE WITH A DOT

Microsoft-Erinnerung an nächste Phase der Kerberos-RC4-HärtungMicrosoft will die unsichere RC4-Verschlüsselung loswerden. Das Unternehmen weist darauf hin, dass im April die nächste Phase startet.https://www.heise.de/news/Microsoft-Erinnerung-an-naechste-Phase-der-Kerberos-RC4-Haertung-11217286.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon#ActiveDirectory #IT #Microsoft #Security #news

Information Security terms that sound fake but aren’t:“Golden Ticket attack.”Unfortunately it does not grant access to a chocolate factory.It does grant access to your entire Active Directory.#CyberSecurity #ActiveDirectory #ThreatIntel #SecurityTermsThatSoundFake

Identity compromise continues to dominate intrusion chains.From the Sophos Active Adversary Report 2026:• 67% of initial access attributed to identity abuse• 3.4-hour median to Active Directory pivot• 3-day median dwell time• 88% ransomware deployment off-hours• 79% data exfiltration off-hoursDirectory services remain high-value assets — authentication, authorization, policy control, privilege mapping.The compressed timeline from credential misuse to directory-level access underscores the need for:– Continuous identity monitoring– Behavioral analytics– After-hours SOC coverage– Conditional access enforcement– Least-privilege architectureGenerative AI is functioning as a force multiplier — improving phishing quality and campaign scale - not yet delivering autonomous attack chains.Is identity governance keeping pace with adversary dwell time compression?Engage below.Source: https://www.sophos.com/en-us/press/press-releases/sophos-active-adversary-report-2026-identity-attacks-dominate-as-threat-groups-proliferateFollow TechNadu for high-signal infosec analysis.Repost to strengthen industry awareness.#Infosec #IdentityThreats #RansomwareDefense #ActiveDirectorySecurity #ThreatModeling #GenAI #SecurityOperations #CyberRisk #ZeroTrustArchitecture #DetectionEngineering #EnterpriseSecurity #ThreatHunting