When to use an authenticated/credentialed vulnerability scan | allinfosecnews.com

March 27, 2024, 2:28 p.m. | /u/Adventurous-Dog-6158

cybersecurity www.reddit.com

I'm not clear on why there is a push to use authenticated scans right off the bat. Generally, an authenticated scan uses a privileged account, so my thought is that I would have bigger problems than vulnerabilities if an attacker has credentials for a privileged account. So why not first focus on vulnerabilities that do not require a privileged account to exploit, especially when an InfoSec program is immature and there are thousands of vulnerabilities?

I do understand that compliance …

account attacker bat clear credentials cybersecurity focus privileged problems scan scans thought vulnerabilities vulnerability vulnerability scan

More from www.reddit.com / cybersecurity

Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 2 hours ago | www.reddit.com

attack attacks campaign cisco +7

Any Fortune 100 company go all in on Microsoft E5 Security Suite? 12 hours ago | www.reddit.com

all in cybersecurity defender defenders +12

Blueteam Certification like cybersecurity engineers 13 hours ago | www.reddit.com

architect blueteam certification certifications +12

Fake job interviews target developers with new Python backdoor 16 hours ago | www.reddit.com

backdoor cybersecurity developers fake +7

Passkeys: A Shattered Dream 16 hours ago | www.reddit.com

cybersecurity dream passkeys

Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software 16 hours ago | www.reddit.com

census cyberattack cybersecurity easy +4

Ukraine's military intelligence launches cyberattack against United Russia party 17 hours ago | www.reddit.com

cyberattack cybersecurity intelligence military +4

The XZ Utils Backdoor explained - Columbia University Lecture 19 hours ago | www.reddit.com

Cybersecurity for Government 20 hours ago | www.reddit.com

budget corporate cybersecurity goals +8

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States

View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium

View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY

View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote

View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada

View on infosec-jobs.com