{"id":825,"date":"2025-11-07T10:57:18","date_gmt":"2025-11-07T10:57:18","guid":{"rendered":"https:\/\/www.securesteps.tn\/enterprise-credentials-at-risk-again-same-cybersecurity-mistakes\/"},"modified":"2025-11-07T10:57:18","modified_gmt":"2025-11-07T10:57:18","slug":"enterprise-credentials-at-risk-again-same-cybersecurity-mistakes","status":"publish","type":"post","link":"https:\/\/www.securesteps.tn\/ar\/enterprise-credentials-at-risk-again-same-cybersecurity-mistakes\/","title":{"rendered":"Enterprise Credentials at Risk Again Same Cybersecurity Mistakes"},"content":{"rendered":"<p><span data-lexical-tag=\"true\" class=\"tag\">**Enterprise Credentials at Risk Again: Same Cybersecurity Mistakes**<\/p>\n<p>**Introduction**<\/p>\n<p>What do Uber, Snowflake, and Dell have in common\u2014aside from massive IT budgets and global scale? In recent headlines, all three suffered security breaches tied to compromised enterprise credentials. According to the November 2025 report from The Hacker News, attackers leveraged stolen session tokens and improperly secured authentication systems to slip into trusted cloud environments\u2014undetected and unchallenged. (Source: https:\/\/thehackernews.com\/2025\/11\/enterprise-credentials-at-risk-same-old.html)<\/p>\n<p>It\u2019s a familiar pattern, and for CISOs, CEOs, and security leaders everywhere, it should be an urgent wake-up call. Despite years of education, innovation, and investment, organizations are falling for the same old traps. The attackers haven\u2019t gotten wildly more sophisticated\u2014our defenses have just failed to evolve fast enough.<\/p>\n<p>This article dives into what went wrong, why enterprise credentials are still a soft target, and what you\u2014as a leader responsible for protecting your organization\u2014can do about it. 
We\u2019ll cover:<\/p>\n<p>&#8211; Why poor identity and access management (IAM) practices remain a top risk vector<br \/>\n&#8211; How token-based attacks exploit overlooked gaps in session handling<br \/>\n&#8211; Practical steps to close the gaps and build a stronger credential strategy<\/p>\n<p>Let\u2019s stop recycling mistakes and start building defenses that actually stand up to modern threats.<\/p>\n<p>**Weak Identity Practices: The Root of Repeat Breaches**<\/p>\n<p>The breaches reported in late 2025 share a common thread: attackers weren\u2019t exploiting a zero-day\u2014they walked through a side door left unlocked by weak identity controls.<\/p>\n<p>Too many enterprises rely on legacy IAM protocols or poorly configured cloud permissions. IBM\u2019s 2022 Cost of a Data Breach Report found stolen or compromised credentials to be the most common initial attack vector, responsible for 19% of the breaches it studied, and the 2023 edition still placed them in the top two alongside phishing.<\/p>\n<p>Common missteps include:<\/p>\n<p>&#8211; **Over-permissioning** user accounts and service identities<br \/>\n&#8211; **Inconsistent MFA enforcement**, especially for privileged access<br \/>\n&#8211; **Reliance on long-lived static credentials** such as passwords, API keys, or SSH keys<br \/>\n&#8211; **Shadow IT** systems with unmanaged logins or weak password policies<\/p>\n<p>Take the Uber and Snowflake breaches mentioned in The Hacker News article. Neither required sophisticated zero-click malware. Attackers used plain credential theft\u2014valid credentials harvested by infostealers or bought on dark web marketplaces\u2014and then logged in through the front door as the legitimate user.<\/p>\n<p>Actionable tip: Start with a full access review across all cloud services. 
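<\/p>
<p>The review itself can be scripted. What follows is an added example, not code from the original post: it runs over a constructed IAM credential report (the CSV columns follow a subset of the AWS IAM credential-report layout, but the rows, the account ID, and the 90-day and 365-day thresholds are invented for the example) plus a few constructed inline policies, and flags console users without MFA, credentials idle for more than 90 days, access keys not rotated in a year, and Allow statements granting <code>*<\/code> or <code>service:*<\/code> on every resource, which is the overprivileged pattern the review exists to catch.<\/p>
```python
'''Access-review script over a constructed IAM credential report and inline
policies. Added example, not code from the original post. Column names
follow a subset of the AWS IAM credential-report layout; the rows, policies,
account ID and thresholds are assumptions made for this example.'''
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 11, 7, tzinfo=timezone.utc)   # fixed clock so results are reproducible
STALE_AFTER = timedelta(days=90)                   # assumed: credentials idle longer than this are findings
ROTATE_AFTER = timedelta(days=365)                 # assumed: access keys older than this must be rotated

# Constructed sample report (subset of AWS credential-report columns, invented rows).
CREDENTIAL_REPORT = '''user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
alice,arn:aws:iam::111122223333:user/alice,true,2025-11-06T08:12:00+00:00,true,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2025-11-05T17:40:00+00:00,false,true,2024-02-01T00:00:00+00:00,2025-11-05T17:41:00+00:00
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,no_information,false,true,2022-01-15T00:00:00+00:00,2025-06-01T03:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,true,2025-04-12T10:00:00+00:00,true,false,N/A,N/A
'''

# Constructed inline policies keyed by user; the dict form mirrors an IAM policy document.
INLINE_POLICIES = {
    'alice': {'Statement': [{'Effect': 'Allow', 'Action': ['iam:*'], 'Resource': '*'}]},
    'bob': {'Statement': [{'Effect': 'Allow', 'Action': '*', 'Resource': '*'}]},
    'ci-deploy': {'Statement': [{'Effect': 'Allow',
                                 'Action': ['s3:GetObject', 's3:PutObject'],
                                 'Resource': 'arn:aws:s3:::release-artifacts/*'}]},
}


def parse_ts(value):
    '''Report timestamps are ISO-8601; N/A and no_information mark absent data.'''
    if value in ('N/A', 'no_information', 'not_supported', ''):
        return None
    return datetime.fromisoformat(value)


def as_list(value):
    '''IAM policy fields may be a single string or a list; normalise to a list.'''
    return [value] if isinstance(value, str) else list(value)


def wildcard_grants(policy):
    '''Allow statements granting every action of a service (or of all services) on every resource.'''
    hits = []
    for stmt in policy.get('Statement', []):
        if stmt.get('Effect') != 'Allow' or '*' not in as_list(stmt.get('Resource', [])):
            continue
        hits.extend(a for a in as_list(stmt.get('Action', [])) if a == '*' or a.endswith(':*'))
    return hits


def review(report_csv, policies, now=NOW):
    '''Return (user, code, detail) findings for the access review.'''
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row['user']
        console = row['password_enabled'] == 'true'
        if console and row['mfa_active'] != 'true':
            findings.append((user, 'NO_MFA_CONSOLE', 'console login allowed without MFA'))
        last_login = parse_ts(row['password_last_used'])
        if console and last_login and now - last_login > STALE_AFTER:
            findings.append((user, 'STALE_PASSWORD', 'console unused for %d days' % (now - last_login).days))
        if row['access_key_1_active'] == 'true':
            last_used = parse_ts(row['access_key_1_last_used_date'])
            if last_used is None or now - last_used > STALE_AFTER:
                findings.append((user, 'STALE_KEY', 'active key never used or idle beyond %d days' % STALE_AFTER.days))
            rotated = parse_ts(row['access_key_1_last_rotated'])
            if rotated and now - rotated > ROTATE_AFTER:
                findings.append((user, 'KEY_NOT_ROTATED', 'key age %d days' % (now - rotated).days))
        for action in wildcard_grants(policies.get(user, {})):
            findings.append((user, 'WILDCARD_POLICY', 'Allow %s on Resource *' % action))
    return findings


if __name__ == '__main__':
    for user, code, detail in review(CREDENTIAL_REPORT, INLINE_POLICIES):
        print('%-10s %-16s %s' % (user, code, detail))
```
<p>Run as-is, the output is the punch list the tip asks for: <code>bob<\/code> is the classic case, console access without MFA, a year-old key, and <code>Action: *<\/code> on <code>Resource: *<\/code>; <code>ci-deploy<\/code> is the forgotten service identity with an idle, never-rotated key. Feed in your own report and policy dump and the same checks apply; the thresholds are policy decisions, not constants.<\/p>
<p>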
Then implement role-based access control (RBAC), enforce MFA for every account that can log in interactively, and retire any unused or overprivileged accounts.<\/p>\n<p>**Session Hijacking and Token Theft: The New Frontier**<\/p>\n<p>One of the most concerning evolutions in credential-based attacks is session hijacking. Instead of stealing passwords, attackers take an already-authenticated session token or cookie and reuse it, so the login flow, and the MFA prompt that sits inside it, never runs.<\/p>\n<p>In the Snowflake incidents the entry point was infostealer malware on customer and contractor endpoints, including developer machines, which harvested saved credentials for accounts that had no MFA. The same infostealers collect browser session cookies alongside passwords, and a stolen cookie can be replayed to resume a live session without touching the login page at all. Because the session is valid, tooling that only watches the authentication step sees nothing and never alerts.<\/p>\n<p>Here\u2019s why this attack method is growing:<\/p>\n<p>&#8211; **Tokens are poorly secured:** They live in browser cookie jars, local storage, and process memory, where infostealers, debugging dumps, and verbose diagnostics can expose them.<br \/>\n&#8211; **Authentication bypass:** With an active session token, attackers don\u2019t need to crack passwords or defeat MFA\u2014the server already trusts the session.<br \/>\n&#8211; **Lack of monitoring:** A replayed token produces log entries that look like the legitimate user\u2019s. Unless source network, device, and user agent are correlated per session, nothing flags the replay until the damage is done.<\/p>\n<p>Cisco\u2019s 2024 Global Security Report found that token-based attacks rose over 260% in the past 18 months. The method is particularly effective in cloud environments, where trust frameworks rely heavily on session continuity.<\/p>\n<p>Actionable tip: Shorten session and refresh-token lifetimes and rotate them on use; bind tokens to the client (device- or certificate-bound sessions) where the platform supports it; feed session telemetry into detection so that a token reappearing from a new network, device, or user agent raises an alert; and use conditional access policies that revoke the session itself, not just future logins, when an anomaly is detected.<\/p>\n<p>**Simple Fixes Too Often Ignored**<\/p>\n<p>The most frustrating reality? Many of these breaches could have been prevented with basic cybersecurity hygiene. 
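<\/p>
<p>One piece of that hygiene is the session telemetry called for in the previous section, and it need not be exotic. The script below is an added example, not code from the original post: it replays constructed JSON-lines auth telemetry (the field names, addresses, and the 12-hour maximum lifetime are assumptions made for the example) and raises an alert when a session\u2019s requests start arriving from a different source network or user agent than the one it was established from, or when a session is still in use past its maximum lifetime, returning the session ids a conditional access policy should revoke. A /24 is treated as the roaming boundary so that moves inside one office network do not fire.<\/p>
```python
'''Session-telemetry checks over constructed JSON-lines auth logs. Added
example, not code from the original post. Field names, addresses and the
12-hour lifetime are assumptions made for this example.'''
import ipaddress
import json
from datetime import datetime, timedelta

MAX_SESSION_LIFETIME = timedelta(hours=12)   # assumed policy value

# Constructed sample telemetry; addresses come from the RFC 5737 documentation ranges.
AUTH_LOG = '''
{"ts": "2025-11-06T08:00:00Z", "event": "login", "user": "dev.alice", "session": "s-1001", "src_ip": "203.0.113.10", "ua": "Mozilla/5.0 (Macintosh)"}
{"ts": "2025-11-06T09:15:00Z", "event": "api", "user": "dev.alice", "session": "s-1001", "src_ip": "203.0.113.10", "ua": "Mozilla/5.0 (Macintosh)"}
{"ts": "2025-11-06T09:20:00Z", "event": "api", "user": "dev.alice", "session": "s-1001", "src_ip": "198.51.100.77", "ua": "python-requests/2.31"}
{"ts": "2025-11-05T07:00:00Z", "event": "login", "user": "svc.build", "session": "s-0900", "src_ip": "192.0.2.5", "ua": "ci-runner/1.0"}
{"ts": "2025-11-06T10:00:00Z", "event": "api", "user": "svc.build", "session": "s-0900", "src_ip": "192.0.2.5", "ua": "ci-runner/1.0"}
{"ts": "2025-11-06T08:30:00Z", "event": "login", "user": "bob", "session": "s-1002", "src_ip": "203.0.113.44", "ua": "Mozilla/5.0 (Windows)"}
{"ts": "2025-11-06T08:45:00Z", "event": "api", "user": "bob", "session": "s-1002", "src_ip": "203.0.113.45", "ua": "Mozilla/5.0 (Windows)"}
'''


def parse_ts(value):
    '''ISO-8601 with a trailing Z, rewritten so fromisoformat accepts it on older Pythons.'''
    return datetime.fromisoformat(value.replace('Z', '+00:00'))


def same_network(ip_a, ip_b):
    '''Roaming inside one /24 (IPv4) or /64 (IPv6) is tolerated; anything else is a new source network.'''
    a, b = ipaddress.ip_address(ip_a), ipaddress.ip_address(ip_b)
    if a.version != b.version:
        return False
    prefix = 24 if a.version == 4 else 64
    return b in ipaddress.ip_network('%s/%d' % (a, prefix), strict=False)


def analyze(log_text, max_lifetime=MAX_SESSION_LIFETIME):
    '''Return (alerts, revoke): alerts are (session, code, detail) tuples and
    revoke is the set of session ids a conditional access policy should kill.'''
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e['ts'])          # same ISO format, so string order is time order
    sessions = {}                               # session id -> baseline captured at login
    alerts = []
    for ev in events:
        sid, ts = ev['session'], parse_ts(ev['ts'])
        base = sessions.get(sid)
        if base is None or ev['event'] == 'login':
            sessions[sid] = {'start': ts, 'ip': ev['src_ip'], 'ua': ev['ua']}
            continue
        if not same_network(base['ip'], ev['src_ip']):
            alerts.append((sid, 'SOURCE_NETWORK_CHANGE', '%s -> %s' % (base['ip'], ev['src_ip'])))
        if ev['ua'] != base['ua']:
            alerts.append((sid, 'USER_AGENT_CHANGE', '%s -> %s' % (base['ua'], ev['ua'])))
        if ts - base['start'] > max_lifetime:
            alerts.append((sid, 'SESSION_LIFETIME_EXCEEDED', 'age %s' % (ts - base['start'])))
    return alerts, {sid for sid, _, _ in alerts}


if __name__ == '__main__':
    alerts, revoke = analyze(AUTH_LOG)
    for sid, code, detail in alerts:
        print(sid, code, detail)
    print('revoke:', sorted(revoke))
```
<p>On the sample data the developer session <code>s-1001<\/code> is flagged twice at 09:20, when the same token reappears from another network with a scripting user agent, which is exactly what a replayed cookie looks like, while <code>s-0900<\/code> is flagged only because it is 27 hours old and <code>s-1002<\/code> stays quiet because a hop inside one /24 is ordinary roaming. The comparison is against the baseline captured at login, so correlate on the session identifier, not the username: a user legitimately holding two sessions from two places is not the same thing as one session in two places.<\/p>
<p>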
The tools already exist\u2014many firms just fail to use them effectively.<\/p>\n<p>Here are three often-ignored areas that would make a massive difference:<\/p>\n<p>1. **Endpoint protection:** Almost every session token theft starts at an endpoint. If you can\u2019t secure developer machines or frontline laptops, you\u2019re building on sand. Deploy modern EDR (Endpoint Detection and Response), keep patching automatic, and train employees on phishing and infostealer risks.<\/p>\n<p>2. **Session lifetimes:** Too many organizations never change the default session durations their identity provider or SaaS platform ships with. If sessions persist for days or weeks, a stolen token stays useful for days or weeks. Set a reasonable maximum lifetime and an idle timeout, and enforce both by policy rather than leaving them to individual applications.<\/p>\n<p>3. **Developer environments:** These are goldmines for attackers. Dev teams often have broad access, relaxed controls, and credentials cached in shell histories, config files, and CI logs. Apply the same security standards to dev environments as to production\u2014if not stricter.<\/p>\n<p>Actionable tip: Run phishing simulations that mimic cloud credential theft. Track which user groups are most vulnerable, and use the results to tailor training and bolster defenses.<\/p>\n<p>**Conclusion**<\/p>\n<p>The recent parade of credential-related breaches isn\u2019t about advanced attackers\u2014it\u2019s about consistent neglect of fundamental IAM hygiene. If your identity, session, and credential strategies haven\u2019t been revisited in the past year, you&#8217;re already behind.<\/p>\n<p>We can&#8217;t afford to keep making the same mistakes. Identity is the new perimeter. As CISOs and security leaders, it\u2019s on us to shift from reaction to prevention. Treat credentials like gold. Harden token management. Apply the principle of least privilege like your business depends on it\u2014because it does.<\/p>\n<p>Ready to build better defenses? Start with an enterprise credential audit this quarter. Revisit your session policies. 
And most of all, make identity security a board-level priority, because your attackers already have.<\/p>\n<p>For additional context and technical details, refer to the source article: [The Hacker News &#8211; Enterprise Credentials at Risk](https:\/\/thehackernews.com\/2025\/11\/enterprise-credentials-at-risk-same-old.html)<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>**Enterprise Credentials at Risk Again: Same Cybersecurity Mistakes** **Introduction** What do Uber, Snowflake, and Dell have in common\u2014aside from massive IT budgets and global scale? In recent headlines, all three suffered security breaches tied to compromised enterprise credentials. According to the November 2025 report from The Hacker News, attackers leveraged [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":826,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[37],"tags":[],"class_list":["post-825","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-security-fr"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts\/825","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/comments?post=825"}],"version-history":[{"count":0,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts\/825\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/media\/826"}],"wp:attachment":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/media?parent=825"}],"wp:term":[{"taxonomy
":"category","embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/categories?post=825"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/tags?post=825"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}