https://microsegment.io/tags/management-plane/ Recent content in Management-Plane on microsegment.io Hugo en-us Wed, 08 Apr 2026 00:00:00 +0000 https://microsegment.io/post/2026-04-08-management-consoles-keys-to-the-kingdom/ Wed, 08 Apr 2026 00:00:00 +0000 https://microsegment.io/post/2026-04-08-management-consoles-keys-to-the-kingdom/ <h2 id="the-wrong-thing-is-still-trusted">The Wrong Thing Is Still Trusted</h2> <p>Defenders keep hardening endpoints, tuning detections, and buying more visibility.</p> <p>Meanwhile, attackers keep going after the systems that already have permission to touch everything.</p> <p>That is the real problem with management consoles.</p> <p>When a laptop gets compromised, you have an incident.</p> <p>When a management console gets compromised, you may have a change-control problem, an identity problem, a visibility problem, and a lateral movement problem all at once.</p> https://microsegment.io/post/2026-03-26-hard-truths-1-security-tools-attack-surface/ Thu, 26 Mar 2026 00:00:00 +0000 https://microsegment.io/post/2026-03-26-hard-truths-1-security-tools-attack-surface/ <h2 id="the-pattern-nobody-wants-to-see">The Pattern Nobody Wants to See</h2> <p>This month alone, four major security vendors had their management infrastructure turned into attack vectors. Not the endpoints they protect. The management consoles that control them.</p> <p>Let that sink in.</p> <h3 id="the-incidents">The Incidents</h3> <p><strong>Cisco Secure Firewall Management Center</strong> - CVE-2026-20131, CVSS 10.0. Unauthenticated remote code execution as root. The Interlock ransomware group exploited this as a zero-day for <strong>36 days</strong> before Cisco even disclosed it. Amazon&rsquo;s threat intelligence team caught them exploiting it since January 26. The attackers had custom RATs, recon scripts, proxy infrastructure - the full playbook. All through a firewall management console.</p>