Tag: identity
-
Survey Surfaces Scope of Identity and Access Management Challenges
A survey of 625 IT and IT security professionals in the U.S. published today finds only half (50%) consider the investments made in identity and access management (IAM) tools to be effective. Conducted by the Ponemon Institute on behalf of GuidePoint Security, a provider of cybersecurity services, the survey also finds only 44% have high..…
-
How Red Canary Acquisition Will Fortify Zscaler’s MDR Muscle
Zscaler Aims for SOC Leadership With Enhanced Visibility Across Endpoints and Cloud. By acquiring Denver-based startup Red Canary, cloud security stalwart Zscaler adds deep MDR functionality and aims to unify detection workflows across its customer environments using insights from its massive transaction volume, identity analytics and Red Canary’s advanced threat-hunting service. First seen on govinfosecurity.com…
-
An Enterprise Playbook to Defending Against Volt Typhoon
An identity threat detection approach built on access intelligence is key to identifying and disrupting campaigns like Volt Typhoon. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/an-enterprise-playbook-to-defending-against-volt-typhoon/
-
Find the Best CIAM Solution for Your Business: A Comprehensive Guide to Modern Customer Identity Management
We’ve reached a point where customers won’t wait even a few seconds for an app to load or a login to work. In this new era of digital impatience, CIAM platforms have become business critical, serving as direct contributors to conversion rates, user retention, and data protection. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/find-the-best-ciam-solution-for-your-business-a-comprehensive-guide-to-modern-customer-identity-management/
-
Cisco launches new identity access management products, services
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-launches-new-identity-access-management-products-services
-
BalkanID Launches Self-Service IGA Lite with Transparent Pricing for Identity Governance
First seen on scworld.com Jump to article: www.scworld.com/news/balkanid-launches-self-service-iga-lite-with-transparent-pricing-for-identity-governance
-
Cisco Duo Expands Beyond MFA, Launches Security-First Identity and Access Management Platform
First seen on scworld.com Jump to article: www.scworld.com/news/cisco-duo-expands-beyond-mfa-launches-security-first-identity-and-access-management-platform
-
Will AI agent-fueled attacks force CISOs to fast-track passwordless projects?
Tags: access, ai, api, attack, authentication, breach, business, ciso, cloud, credentials, cyber, cybersecurity, data, fido, finance, framework, google, Hardware, identity, login, metric, microsoft, okta, passkey, password, phishing, privacy, risk, risk-management, service, technology, threat, tool, update, zero-trustPasswordless options: In retiring passwords, security leaders will need to consider their options, passkeys, biometrics, and third-party login services, looking for the best technical, usability, and security fit. There are pros and cons for each option, and in many cases CISOs may be guided towards one based on their existing environment.Passkeys, used by Microsoft, Samsung,…
-
New Russian APT group Void Blizzard targets NATO-based orgs after infiltrating Dutch police
Tags: access, api, apt, attack, authentication, blizzard, cloud, credentials, data, defense, detection, edr, email, fido, framework, group, hacker, identity, least-privilege, login, mfa, microsoft, open-source, passkey, password, phishing, qr, risk, russia, siem, spear-phishing, switch, threat, toolSwitch to spear phishing: In recent months the group seems to have pivoted from password spraying to targeted spear phishing attacks that direct users to fake Microsoft Entra login pages using adversary-in-the-middle (AitM) techniques. Such a campaign led to the compromise of 20 NGOs in April.In its campaign against NGOs, Void Blizzard sent emails masquerading…
-
About 40% of apps lack identity security basics
Tags: identityFirst seen on scworld.com Jump to article: www.scworld.com/news/40-of-apps-lack-identity-security-basics
-
AI Agents and the Non”‘Human Identity Crisis: How to Deploy AI”¯More Securely”¯at”¯Scale
Artificial intelligence is driving a massive shift in enterprise productivity, from GitHub”¯Copilot’s code completions to chatbots that mine internal knowledge bases for instant answers. Each new agent must authenticate to other services, quietly swelling the population of non”‘human identities (NHIs) across corporate clouds.That population is already overwhelming the enterprise: many companies First seen on thehackernews.com…
-
How Hunters International Used the Browser to Breach Enterprises”Š”, “ŠAnd Why They Didn’t See It”¦
How Hunters International Used the Browser to Breach Enterprises”Š”, “ŠAnd Why They Didn’t See It Coming At RSAC 2025, Cato Networks delivered a presentation that SOC teams and CISOs will want to pay attention to: “Suspicious Minds”Š”, “ŠHunting Threats That Don’t Trigger Security Alerts.” The session showcased ransomware campaigns that bypassed traditional detection. In some cases,…
-
New identity expected to be embraced by reemergent Killnet group
First seen on scworld.com Jump to article: www.scworld.com/brief/new-identity-expected-to-be-embraced-by-reemergent-killnet-group
-
Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets
Tags: attack, cve, cyber, data-breach, dns, exploit, identity, infrastructure, vulnerability, zero-trustA new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity (NHI) secrets, and ultimately bypass zero-trust security frameworks. This research, conducted in a controlled lab environment, highlights a sophisticated attack chain targeting BIND DNS servers using a known vulnerability, CVE-2025-40775, rated as High severity with…
-
Proof of Concept: Rethinking Identity for the Age of AI Agents
Identity Experts Adam Preis and Troy Leach. As enterprises deploy AI-powered systems, legacy identity frameworks struggle to keep up, leaving gaps in visibility, control and accountability. Adam Preis and Troy Leach joined editors at ISMG to discuss how AI agents and machine identities are redefining identity security. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/proof-concept-rethinking-identity-for-age-ai-agents-a-28470
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-dayTrade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies.”Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Digital trust is cracking under the pressure of deepfakes, cybercrime
69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/ai-powered-fraud-threat/
-
Navigating the New Frontiers of Identity: Insights from KuppingerCole EIC Summit 2025
Discover why machine identities are the new security frontier from KuppingerCole EIC 2025. Learn about secrets sprawl, AI agents, and why traditional IAM fails to protect NHIs in this GitGuardian recap. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/navigating-the-new-frontiers-of-identity-insights-from-kuppingercole-eic-summit-2025/
-
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerabilityCredential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
-
Suridata Buy Adds SaaS Posture Management to Fortinet SASE
Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security. By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies. First seen…
-
BItwarden Partners with GuidePoint for Identity Management
Tags: identityFirst seen on scworld.com Jump to article: www.scworld.com/news/bitwarden-partners-with-guidepoint-for-identity-management
-
How Identity Plays a Part in 5 Stages of a Cyber Attack
Tags: access, attack, authentication, breach, cloud, computer, container, control, credentials, cyber, data, data-breach, detection, endpoint, exploit, group, iam, identity, intelligence, malicious, malware, mfa, microsoft, monitoring, password, powershell, ransomware, risk, technology, threat, tool, vulnerabilityWhile credential abuse is a primary initial access vector, identity compromise plays a key role in most stages of a cyber attack. Here’s what you need to know, and how Tenable can help. Identity compromise plays a pivotal role in how attackers move laterally through an organization. Credential abuse is the top initial access vector,…
-
Russian hacker group Killnet returns with new identity
Earlier this month, Killnet claimed it had hacked Ukraine’s drone-tracking system after disappearing from public view in 2023. First seen on therecord.media Jump to article: therecord.media/russian-hacker-group-killnet-returns-with-new-identity
-
Samlify bug lets attackers bypass single sign-on
SAML authenticators should update to patched versions: The flaw has been addressed through patches in samlify versions 2.10.0 and later.Researchers have recommended that systems using SAML authentication must update to a fixed version and ensure “secure SSO flows: implement HTTPS and avoid untrusted sources for SAML flows.”SAML-powered SSO supports a range of use cases: enterprise…
-
Identity Security Has an Automation Problem”, And It’s Bigger Than You Think
For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people”, not systems”, to function. In fact, fewer than 4% of security teams have fully automated…
-
Cisco Identity Services RADIUS Vulnerability Allows Attackers to Trigger Denial of Service Condition
Cisco has disclosed a significant security vulnerability in its Identity Services Engine (ISE) that could enable unauthenticated remote attackers to cause denial of service conditions by exploiting flaws in the RADIUS message processing feature. The vulnerability, which was discovered during Cisco’s internal security testing, allows attackers to force affected devices to reload by sending specially…
-
Credit Washing and Synthetic ID Fraud Hit All-Time High
Auto Lending Sector Is Hardest Hit by Scammers Using Synthetic Identities. Synthetic identity and credit washing fraud have hit another record high and are showing no signs of slowing down, according to a new report by TransUnion. Unscrupulous credit repair companies are adding to the problem by convincing people in debt to create new identities.…
-
What Kind of Identity Should Your AI Agent Have?
7 min readAI agents don’t neatly fit into your IAM chart. They switch roles, borrow authority, and rewrite what identity means at runtime. Here’s what that means for you. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/what-kind-of-identity-should-your-ai-agent-have/