CyberArk: CA26-14 – Prototype pollution in the Axios library
CyberArk have released Security Bulletin CA26-14, which describes prototype pollution in the Axios library used by the PVWA servers in a self-hosted deployment.
Axios is a promise-based HTTP client for the browser and Node.js; it can be crashed, causing a complete denial of service. There is no temporary mitigation available for this. However, to CyberArk’s knowledge, it has not been exploited in the wild.
CyberArk: Connect With Trusted RDP Files
SIA can now digitally sign RDP files with your organization’s own certificate, eliminating the “Unknown Publisher” security warnings that previously created friction and eroded user trust during vaulted, ZSP, and JIT RDP sessions. This means end users get a seamless, warning-free connection experience with confidence that RDP launches genuinely originate from a trusted source.
Beyond the vault: Why Universal Privilege is the future of Privileged Access
SailPoint: Privilege Discovery and Classification / Privilege Insights
New Features:
Privilege Discovery and Classification:
SailPoint has introduced Privilege Discovery and Classification as a foundational component of SailPoint Identity Security Cloud. This capability is designed to help organizations automatically identify privileged entitlements across the enterprise, reducing the need for manual review and giving security teams broader visibility into where privileged access exists.
Classify Privilege by Risk:
With this enhancement, privileged entitlements can be classified by risk level, such as high, medium, or low. This helps organizations prioritize the access that matters most and focus effort on the entitlements that present the greatest potential exposure to the business.
Highlight Key Risk Areas:
These new capabilities help security teams visually pinpoint the areas of privileged access that create the highest risk. This gives teams a more practical way to understand where access-related exposure exists and where stronger controls may be needed.
Privilege Insights / Visualize Pathways to Privilege:
Through SailPoint Observability and Insights, security teams can now better understand how privilege is assigned, inherited, and exposed across identities. This includes visibility into direct privilege as well as hidden or overlapping pathways to privilege, helping organizations reduce unnecessary access and support a stronger least privilege model.
Support for Least Privilege at Scale:
SailPoint positions these capabilities as a way to make least privilege more achievable in large, fast-changing environments. Instead of relying on slow, manual analysis across massive entitlement sets, organizations can discover and evaluate privileged access much more efficiently. SailPoint states that work that previously could take years of manual analysis can now be done in days or hours.
Platform Availability:
These capabilities are available as part of SailPoint Identity Security Cloud and form part of SailPoint’s broader privilege security direction.
Further details available here:
Beyond the vault: Why Universal Privilege is the future of Privileged Access
CyberArk-Security-Bulletin-CA26-07
CyberArk customers should review the most recent security patch (released on 4th Feb) for applicability in their environments.
CA26-07 involves a High severity vulnerability that affects Credential Providers (CP) version 14.2 and all its patches prior to 14.2.5.
https://community.cyberark.com/s/article/CyberArk-Security-Bulletin-CA26-07
Note: CCP and ASCP are not impacted by this vulnerability.

