// #credential-security

4 articles

⚖️ Risk Mgmt

ITSM Platform Security Governance: Why ServiceNow, Jira, and Freshservice Are High-Value Targets

The ServiceNow API breach this week highlights a category of platform that organisations consistently underestimate as an attack target: IT Service Management tools. ITSM platforms aggregate privileged information about the organisation's infrastructure, credentials, and operational processes — making them a high-value target and a high-consequence breach.

#servicenow +7
⚖️ Risk Mgmt

Developer Workstations as Supply-Chain Risk: Governance Framework for Engineering Environments

TeamPCP's simultaneous three-vector attack on developer tooling reveals a governance gap that exists in most organisations: developer workstations accumulate privileged access over time but operate outside the security governance processes that manage server infrastructure. A developer machine with production credentials is server-equivalent infrastructure.

#developer-security +5
🔑 IAM

Microsoft Reverses Course on Edge Plaintext Password Exposure — Update Will Prevent Loading Saved Passwords into Process Memory

Following disclosure on 11 May that Microsoft Edge loads saved passwords as plaintext into process memory at startup, Microsoft confirmed it will release a patch preventing password data from being loaded into memory outside of active use contexts. The fix addresses the specific vulnerability class that allows process memory dumpers to extract Edge-saved credentials without user interaction.

#microsoft-edge +4
🏛️ Architecture

Microsoft Edge Stores Saved Passwords as Plaintext in Process Memory — No CVE, No Patch

Security researchers have documented that Microsoft Edge's built-in password manager stores user-saved passwords in cleartext within the browser's process memory — readable by any process on the same system with the ability to dump Edge process memory. Microsoft has acknowledged the behaviour and characterised it as a performance design decision, not a vulnerability warranting a security fix. Users relying on Edge's password manager for credential storage should understand what this means for their threat model.

#microsoft-edge +6

Commentary tagged #credential-security

Opinion

The ITSM Platform Is the Map to Your Infrastructure — and You've Left It Unlocked

The ServiceNow API breach is the latest confirmation that IT Service Management platforms are among the highest-value targets in the enterprise. They contain everything an attacker needs to plan a targeted intrusion: network topology, patch status, change windows, and credentials. The industry's classification of these platforms as 'IT operations tools' rather than 'sensitive data repositories' is a governance error with real consequences.

CipherWatch Editorial

Security Intelligence Platform