All news with #iam tag

Microsoft October 2025 Patch Causes Enterprise Failures

🚨 The October 2025 Windows security update KB5066835, intended to move cryptography from CSP to KSP, is causing widespread enterprise disruption. Affected platforms — including Windows 10 (22H2), Windows 11 (23H2–25H2) and several Windows Server releases — report smartcard and certificate failures, USB mouse/keyboard loss in WinRE, IIS ERR_CONNECTION_RESET and WUSA installation errors. Microsoft published a registry workaround (DisableCapiOverrideForRSA=0) and an out‑of‑band update (KB5070773) for some issues, but urges caution and recommends thorough testing before broad deployment.

Securing AI in Defense: Trust, Identity, and Controls

🔐 AI promises stronger cyber defense but expands the attack surface if not governed properly. Organizations must secure models, data pipelines, and agentic systems with the same rigor applied to critical infrastructure. Identity is central: treat every model or autonomous agent as a first‑class identity with scoped credentials, strong authentication, and end‑to‑end audit logging. Adopt layered controls for access, data, deployment, inference, monitoring, and model integrity to mitigate threats such as prompt injection, model poisoning, and credential leakage.

Audit Microsoft 365 for Hidden Malicious OAuth Applications

🔍 Matt Kiely of Huntress Labs urges Microsoft 365 administrators to audit OAuth applications across their tenants and provides a pragmatic starting tool, Cazadora. The research shows both abused legitimate apps (Traitorware) and bespoke malicious apps (Stealthware) can persist for years and that Azure’s default user-consent model enables these abuses. Operators should check Enterprise Applications and Application Registrations for suspicious names, anomalous reply URLs (notably a localhost loopback with port 7823), and other anomalous attributes, then take remediation steps.

Identity Security: Your First and Last Line of Defense

⚠️ Enterprises now face a reality where autonomous AI agents run with system privileges, executing code and accessing sensitive data without human oversight. Fewer than 4 in 10 AI agents are governed by identity security policies, creating serious visibility and control gaps. Mature identity programs that use AI-driven identity controls and real-time data sync deliver stronger ROI, reduced risk, and operational efficiency. CISOs must move IAM from compliance checkbox to strategic enabler.

Hardening Customer Support Tools to Prevent Lateral Attacks

🔐 Microsoft Deputy CISO Raji Dani outlines the importance of hardening customer support tools and identities to reduce the risk of lateral movement and data exposure. The post recommends dedicated, isolated support identities protected by Privileged Role MFA and strict device controls. It advocates case-based RBAC with just-in-time and just-enough access, minimizing service-to-service trust, and deploying robust telemetry to speed detection and response. These layered controls apply to in-house teams and third-party providers.

Google introduces Recovery Contacts to aid account recovery

🔒 Google is introducing Recovery Contacts, a new account-recovery option that lets you designate trusted friends or family to help regain access if you lose a password or device. When you request help, you share a one-time verification code with your chosen contact; they receive an email or notification and confirm the code to verify it’s really you. Your recovery contact will not have access to your account or personal data. The feature complements passkeys and existing recovery tools and is rolling out now.

Beyond Security Awareness: Proactive Threat Hunting

🔍 Security Awareness Month highlights the human side of defense but by itself it cannot sustain long-term resilience. The author argues organizations must pair awareness with proactive threat hunting and a structured Continuous Threat Exposure Management (CTEM) program to find misconfigurations, exposed credentials, and excessive privileges before attackers can exploit them. He outlines a three-step readiness model: collect attacker-centric data, map attack paths with a digital twin, and prioritize remediation by business impact.

Building a Lasting Security Culture at Microsoft Initiative

🔐 Microsoft frames security culture as a company-wide movement driven by people and operationalized through the Secure Future Initiative (SFI). The company overhauled employee education—launching the Microsoft Security Academy, refreshing the Security Foundations series, and requiring three annual sessions (90 minutes total)—to address AI-enabled attacks, deepfakes, and identity threats. Leadership mandates, linked compensation, measurable training outcomes (99% completion; rising satisfaction and relevancy scores), new identity and AI guides, Deputy CISOs in engineering, and embedded DevSecOps are highlighted as evidence of measurable cultural change.

SonicWall SSLVPN Accounts Breached With Stolen Credentials

🛡️ Researchers report that threat actors have compromised more than a hundred SonicWall SSLVPN accounts in a large-scale campaign that began on October 4 and persisted through at least October 10. The attackers appear to be using valid, stolen credentials rather than brute-force methods, and many malicious requests originated from IP 202.155.8[.]73. After authenticating, actors conducted reconnaissance and attempted lateral movement to access numerous local Windows accounts; investigators recommend immediate secret rotation, strict access restrictions, and multi-factor authentication for all admin and remote accounts.

Dull but Dangerous: 15 Overlooked Cybersecurity Gaps

🔒 This article catalogs 15 frequently overlooked security blind spots that quietly increase organizational risk across six domains: time & telemetry, identity & edge, configuration & crypto, DNS & web trust, cloud & SaaS sprawl, and software supply chain & recovery readiness. It explains how mundane issues — NTP drift, orphaned DNS records, default IoT credentials, stale backups — become high-impact failures. The piece recommends immediate inventories, enforced baselines and a 90-day action plan to measure and close these gaps, and highlights metrics to track such as log coverage, patching cadence and backup restore success.

Strengthening Access Controls to Prevent Ransomware

🔐 Ransomware intrusions increasingly begin with compromised identities: recent analyses attribute roughly three quarters of incidents to stolen or misused credentials. Defenses must shift from infrastructure-centric controls to identity-first models like Zero Trust, combining RBAC, MFA and context-aware authentication. Adaptive, risk-based access and passwordless methods reduce friction while improving detection and auditability. Regulatory regimes such as NIS2 and DORA further mandate auditable access controls.

Closing the Cloud Security Gap: Key Findings 2025 Report

🔒 The 2025 Unit 42 Global Incident Response Report shows that nearly a third of incidents investigated in 2024 were cloud-related, with 21% of cases directly impacting cloud assets. The article stresses the importance of the shared responsibility model and full, dynamic visibility to manage resource sprawl, misconfigurations and complex cloud-native architectures. It highlights identity misuse and overpermissioned accounts as frequent attack vectors and urges least privilege, credential rotation and robust logging. Palo Alto Networks recommends unified posture and response through Cortex Cloud and integration with Cortex XSIAM to reduce noise and automate remediation.

ThreatsDay: Teams Abuse, MFA Hijack, $2B Crypto Heist

🛡️ Microsoft and researchers report threat actors abusing Microsoft Teams for extortion, social engineering, and financial theft after hijacking MFA with social engineering resets. Separate campaigns use malicious .LNK files to deliver PowerShell droppers and DLL implants that establish persistent command-and-control. Analysts also link over $2 billion in 2025 crypto thefts to North Korean‑linked groups and identify AI-driven disinformation, IoT flaws, and cloud misconfigurations as multiplying risk. Defenders are urged to harden identity, secure endpoints and apps, patch exposed services, and limit long-lived cloud credentials.

Token Theft Fuels SaaS Breaches — Security Teams Must Act

🔐 Token theft is now a primary vector for SaaS breaches, with stolen OAuth, API keys, and session tokens enabling attackers to bypass MFA and access integrated services. High-profile incidents from 2023 to 2025 show how a single unrotated token can compromise code, secrets, or customer data across platforms. Teams should prioritize discovery, continuous monitoring, and strict token hygiene—rotation, least-privilege scopes, approval workflows, and prompt revocation.

Transitioning to Passwordless Authentication with PKI

🔐 Organizations facing rising phishing and ransomware threats are moving from passwords to PKI-based authentication to close gaps in traditional MFA. Certificates issued by a trusted CA and backed by asymmetric cryptography replace passwords and vulnerable SMS codes, improving both security and usability. Automated lifecycle management and user self-service reduce administrative overhead, while crypto-agility preserves long-term resilience.

Cybersecurity Nightmares: Password Graveyard Webinar

🔒 Join The Hacker News and Specops Software for a Halloween webinar, "Cybersecurity Nightmares: Tales from the Password Graveyard," that examines how weak passwords lead to costly breaches and operational strain. The live session reviews real breach stories, explains why traditional complexity rules fail, and offers a live demo showing how Specops blocks breached passwords in real time and builds compliant, user-friendly policies. Attendees will get a straightforward three-step plan to cut helpdesk resets, meet compliance, and stop credential-based attacks.

Responding to Cloud Incidents: Investigation and Recovery

🔍 Unit 42 outlines a structured approach to investigating and responding to cloud incidents, noting that 29% of 2024 incident investigations involved cloud or SaaS environments. The guidance emphasizes a shift from endpoint-centric forensics to focus on identities, misconfigurations and service interactions. It recommends enabling and centralizing logs, retaining them for at least 90 days, and preparing for rapid evidence collection and VM/container imaging. The article stresses identity forensics, behavioral baselining and surgical containment to avoid alerting adversaries.

Cloud and Application Security: Awareness Best Practices

🔐 The 2025 State of Cloud Security Report from Fortinet and Cybersecurity Insiders highlights how accelerating cloud adoption and a widespread cybersecurity skills shortage are expanding organizational risk across SaaS, APIs, and hybrid environments. Many incidents result from human error — misconfigurations, exposed APIs, and overprivileged accounts — rather than sophisticated targeted attacks. The post recommends five practical measures, including embracing shared responsibility, enforcing MFA and least privilege, integrating security into CI/CD, automating configuration management, and monitoring SaaS and APIs, and stresses that tools must be paired with user awareness and cultural change.

Simplifying Zero Trust Contractor Access with Secure Browser

🔒 A secure enterprise browser provides a practical, cost-efficient Zero Trust approach to managing contractor access, reducing reliance on complex VPNs and broad network privileges. By isolating sessions and enforcing granular policies per user and resource, organizations can grant contractors only the access required for their role. This reduces attack surface, simplifies administration, and lowers operational costs while supporting both short-term and long-term engagements.

CISOs Rethink Security Organization for the AI Era

🔒 CISOs are re-evaluating organizational roles, processes, and partnerships as AI accelerates both attacks and defenses. Leaders say AI is elevating the CISO into strategic C-suite conversations and reshaping collaboration with IT, while security teams use AI to triage alerts, automate repetitive tasks, and focus on higher-value work. Experts stress that AI magnifies existing weaknesses, so fundamentals like IAM, network segmentation, and patching remain critical, and recommend piloting AI in narrow use cases to augment human judgment rather than replace it.