All news with #iam tag
Mon, November 3, 2025
OAuth Device Code Phishing: Azure vs Google Compared
🔐 Matt Kiely of Huntress examines how the OAuth 2.0 device code flow enables phishing and highlights stark differences between Microsoft and Google. He walks through the device-code attack chain — generating a device code, social-engineering a user to enter it on a legitimate site, and polling the token endpoint to harvest access and refresh tokens. The analysis shows Azure’s implementation lets attackers control client_id and resource parameters to obtain powerful tokens, while Google’s implementation restricts device-code scopes and requires app controls that significantly limit abuse. Practical examples, cURL/Python snippets, and mitigation advice are included for defenders.
Fri, October 31, 2025
The Unified Linkage Model: Reframing Cyber Risk in Practice
🔗 The Unified Linkage Model (ULM) reframes cyber risk by focusing on the relationships — not just individual assets — that allow vulnerabilities and adversaries to propagate across systems. Drawing on the Okta 2023 support-credential compromise, the model highlights three structural linkage types: adjacency, inheritance and trustworthiness. ULM shifts analysis from topology or isolated CVE lists to the connective tissue that enables systemic exposure. Applied correctly, it clarifies prioritization, accelerates impact analysis and unifies threat and vulnerability data into actionable risk pathways.
Fri, October 31, 2025
Aembit Launches IAM for Agentic AI with Blended Identity
🔐 Aembit today announced Aembit Identity and Access Management (IAM) for Agentic AI, introducing Blended Identity and the MCP Identity Gateway to assign cryptographically verified identities and ephemeral credentials to AI agents. The solution extends the Aembit Workload IAM Platform to enforce runtime policies, apply least-privilege access, and maintain centralized audit trails for agent and human actions. Designed for cloud, on‑premises, and SaaS environments, it records every access decision and preserves attribution across autonomous and human-driven workflows.
Thu, October 30, 2025
Amazon S3 Access Grants Expand to Thailand and Mexico
🔒 Amazon S3 Access Grants are now available in the AWS Asia Pacific (Thailand) and AWS Mexico (Central) Regions. The feature maps corporate identities—such as Microsoft Entra ID or AWS IAM principals—to S3 datasets, enabling administrators to automate and scale dataset access. This reduces manual policy overhead and helps ensure consistent, auditable permissions. Check the AWS Region Table and product page for regional availability and details.
Thu, October 30, 2025
Rethinking Identity Security for Autonomous AI Agents
🔐 Autonomous AI agents are creating a new class of non-human identities that traditional, human-centric security models struggle to govern. These agents can persist beyond intended lifecycles, hold excessive permissions, and perform actions across systems without clear ownership, increasing risks like privilege escalation and large-scale data exfiltration. Security teams must adopt identity-first controls—unique managed identities, strict scoping, lifecycle management, and continuous auditing—to regain visibility and enforce least privilege.
Thu, October 30, 2025
CISA Releases Microsoft Exchange Server Security Guide
🔐 Today, CISA, in collaboration with the National Security Agency and international partners, published Microsoft Exchange Server Security Best Practices to help defenders harden on-premises Exchange servers against ongoing exploitation. The guidance emphasizes strengthening user authentication and access controls, enforcing robust network encryption, and reducing application attack surfaces through configuration and feature management. CISA also urges organizations to decommission end-of-life or hybrid 'last Exchange' servers after migrating to Microsoft 365 to reduce exposure to continued exploitation.
Wed, October 29, 2025
Amazon S3 Adds Conditional Copy Support for Writes
🔐 Amazon S3 now supports conditional copy operations via the CopyObject API, enabling verification of an object's existence or content in the destination bucket before copying. You can supply the HTTP If-None-Match header to ensure the destination object does not exist, or If-Match with an ETag to validate content prior to copy. Administrators can enforce these checks using s3:if-match and s3:if-none-match bucket policy condition keys. This capability is available at no additional charge in all AWS Regions and removes the need for additional client-side coordination or pre-copy validation calls.
Wed, October 29, 2025
Preparing for the Digital Battlefield of Identity Risk
🔒 BeyondTrust's 2026 predictions argue that the next major breaches will stem from unmanaged identity debt rather than simple phishing. The report highlights three identity-driven threats: agentic AI acting as privileged deputies vulnerable to prompt manipulation, automated "account poisoning" in financial systems, and long-dormant "ghost" identities surfacing in legacy IAM. The authors recommend an identity-first posture with strict least-privilege, context-aware controls, real-time auditing, and stronger identity governance.
Wed, October 29, 2025
Identity Crisis at the Perimeter: AI-Driven Impersonation
🛡️ Organizations face an identity crisis as generative AI and vast troves of breached personal data enable realistic digital doppelgangers. Attackers now automate hyper-personalized phishing, smishing and vishing, clone voices, and run coordinated multi-channel campaigns that reference real colleagues and recent projects. The article urges a shift to “never trust, always verify,” with radical visibility, rapid detection and phishing-resistant authentication such as FIDO2. It also warns of emerging agentic AI and recommends strict least-privilege controls plus continuous red-teaming.
Tue, October 28, 2025
Privileged Account Monitoring and Protection Guide Overview
🔐 This article outlines Mandiant's practical framework for securing privileged access across modern enterprise and cloud environments. It emphasizes a three-pillar approach—Prevention, Detection, and Response—and details controls such as PAM, PAWs, JIT/JEA, MFA, secrets rotation, and tiered access. The post highlights detection engineering, high-fidelity session capture, and SOAR automation to reduce dwell time and blast radius, and concludes with incident response guidance including enterprise password rotations and protected recovery paths.
Mon, October 27, 2025
Amazon Cognito Adds Resource Indicators for OAuth 2.0
🔐 Amazon Cognito now accepts resource indicators in OAuth 2.0 access token requests, enabling app clients to request tokens targeted to a specific protected resource rather than a broad service audience. After authenticating the client, Cognito issues an access token with the aud claim set to that resource. This replaces prior workarounds that relied on non‑standard claims or custom scopes and simplifies issuing resource‑specific tokens for agents and other clients. The capability is available to Cognito Managed Login customers on Essentials and Plus tiers in Regions where Cognito is offered, including AWS GovCloud (US).
Mon, October 27, 2025
Proving Data Sovereignty: Controls, Keys, and Audits
🔒 The article argues that data sovereignty commitments like Project Texas must be supported by auditable, technical evidence rather than marketing promises. It prescribes five concrete, testable controls — brokered zero‑trust access, in‑region HSM keys, immutable WORM logs, continuous validation, and third‑party attestation — plus measurable metrics to prove compliance. A 90‑day blueprint and emerging AI automation are offered to operationalize verification and produce regulator‑ready, reproducible evidence.
Fri, October 24, 2025
Threat Actor Misuse of AzureHound for Cloud Discovery
🔍 AzureHound is an open-source Go-based enumeration tool designed for cloud discovery and red-team assessments that threat actors also misuse to map Entra ID and Azure resources. Unit 42 outlines how adversaries leverage Microsoft Graph and Azure REST APIs to enumerate users, groups, roles, storage and services and to identify privilege escalation paths. The report highlights observable artifacts such as the user-agent azurehound/
Fri, October 24, 2025
Why Threat Actors Succeed and How Defenders Respond
🔍 The Unit 42 2025 Incident Response analysis explains that attackers exploit complexity, visibility gaps and excessive trust to succeed against organizations of all sizes. The report notes almost a third of incidents were cloud-related, IAM failures appeared in 41% of cases and attackers often moved within an hour, causing outsized disruption and cost. The recommended response is to consolidate telemetry into an integrated platform like Cortex, extend protection into cloud with Cortex Cloud, secure browser activity with Prisma Browser, and engage Unit 42 for advisory and retainer services.
Fri, October 24, 2025
AWS Transfer Family: Change IdP Type Without Downtime
🔁 AWS Transfer Family now lets administrators change a server's identity provider (IdP) type without service interruption. This update allows dynamic switching among service-managed, Active Directory, and custom IdP authentication for SFTP, FTPS, and FTP servers, enabling zero-downtime migrations and faster compliance adaptation. The capability is available in all AWS Regions where Transfer Family operates.
Thu, October 23, 2025
Amazon Connect Introduces Granular Recording Permissions
🔒 Amazon Connect now offers granular UI permissions for conversation recordings and transcripts, enabling administrators to control access to playback, copying and downloads separately. Administrators can allow users to listen to calls while preventing transcript copying, and set download rules that permit redacted recordings but block unredacted downloads. The capability supports complex scenarios where sensitive conversations remain redacted while other interactions remain fully available.
Thu, October 23, 2025
Zero Trust Blind Spot: Identity Risk in AI Agents Now
🔒 Agentic AI introduces a mounting Zero Trust challenge as autonomous agents increasingly act with inherited or unmanaged credentials, creating orphaned identities and ungoverned access. Ido Shlomo of Token Security argues that identity must be the root of trust and recommends applying the NIST AI RMF through an identity-driven Zero Trust lens. Organizations should discover and inventory agents, assign unique managed identities and owners, enforce intent-based least privilege, and apply lifecycle controls, monitoring, and governance to restore auditability and accountability.
Thu, October 23, 2025
Secure AI at Scale and Speed: Free Webinar Framework
🔐 The Hacker News is promoting a free webinar that presents a practical framework to secure AI at scale while preserving speed of adoption. Organizers warn of a growing “quiet crisis”: rapid proliferation of unmanaged AI agents and identities that lack lifecycle controls. The session focuses on embedding security by design, governing AI agents that behave like users, and stopping credential sprawl and privilege abuse from Day One. It is aimed at engineers, architects, and CISOs seeking to move from reactive firefighting to proactive enablement.
Thu, October 23, 2025
Enterprises Move From Static Secrets to Managed Identities
🔐 Organizations are rapidly replacing embedded API keys and passwords with platform-native managed identities to reduce manual credential management and leakage risk. Enterprises report significant productivity gains—case studies cite up to a 95% reduction in time spent managing credentials and a 75% drop in time learning platform authentication. While major clouds (AWS, Azure, GCP) and CI platforms have built-in solutions, legacy systems and third-party APIs remain the primary obstacles to eliminating static secrets entirely.
Thu, October 23, 2025
Agent Factory Recap: Securing AI Agents in Production
🛡️ This recap of the Agent Factory episode explains practical strategies for securing production AI agents, demonstrating attacks like prompt injection, invisible Unicode exploits, and vector DB context poisoning. It highlights Model Armor for pre- and post-inference filtering, sandboxed execution, network isolation, observability, and tool safeguards via the Agent Development Kit (ADK). The team demonstrates a secured DevOps assistant that blocks data-exfiltration attempts while preserving intended functionality and provides operational guidance on multi-agent authentication, least-privilege IAM, and compliance-ready logging.