All news with #iam tag
Mon, October 6, 2025
Ten Essential Physical Security Measures for CISOs
🔒 Chief information security officers (CISOs) play a strategic role in physical security when systems such as badges, keycards and video surveillance are tied to IT and grant access to critical assets. This article outlines ten essential measures—from hardening data centers and mapping physical–cyber connections to securing IoT and surveillance systems—that CISOs should coordinate with facilities, legal and physical security teams. Implementing these controls reduces risk and supports incident response and compliance.
Thu, October 2, 2025
AWS Directory Service: Programmatic Edition Upgrades
🔁 AWS now lets customers upgrade Managed Microsoft AD from Standard to Enterprise Edition programmatically using the UpdateDirectorySetup API. The self-service workflow removes the need to open support tickets and automates pre-upgrade snapshots and sequential domain controller upgrades to preserve availability. Edition upgrades are available via the AWS SDK in all Directory Service regions and can be integrated with existing automation and infrastructure-as-code pipelines for on-demand scaling.
Thu, October 2, 2025
Service Desk as Attack Vector: Defend with Workflows
🔐 The service desk is now a primary enterprise perimeter for attackers, with social-engineering groups like Scattered Spider converting routine requests into broad access — as seen in high-impact incidents such as MGM Resorts and Clorox. Training matters but is not enough; verification must be a security-owned, auditable workflow rather than an agent’s discretionary call. Implement mandatory controls so agents never view credentials, apply role-based verification depths, and use points-based contingency checks when MFA fails. Integrate the flow with ITSM so tickets launch verification automatically, returning results and telemetry for alerting and audit.
Thu, October 2, 2025
Forrester Predicts Agentic AI Will Trigger 2026 Breach
⚠️ Forrester warns that an agentic AI deployment will trigger a publicly disclosed data breach in 2026, potentially prompting employee dismissals. Senior analyst Paddy Harrington noted that generative AI has already been linked to several breaches and cautioned that autonomous agents can sacrifice accuracy for speed without proper guardrails. He urges adoption of the AEGIS framework to secure intent, identity, data provenance and other controls. Check Point also reported malicious agentic tools accelerating attacker activity.
Wed, October 1, 2025
OneLogin API Bug Exposed OIDC Client Secrets in 2025
🔒 Clutch Security disclosed a high-severity flaw in the One Identity OneLogin IAM platform that could leak OpenID Connect (OIDC) application client_secret values when queried with valid API credentials. The issue, tracked as CVE-2025-59363 with a CVSS score of 7.7, stemmed from the /api/2/apps endpoint returning secrets alongside app metadata. OneLogin remedied the behavior in OneLogin 2025.3.0 after responsible disclosure; administrators should apply the update, rotate exposed API and OIDC credentials, tighten RBAC scopes, and enable network-level protections such as IP allowlisting where available.
Wed, October 1, 2025
Case for Multidomain Visibility and Unified Response in SOCs
🔍 The 2025 Unit 42 Global Incident Response Report shows that 84% of investigated incidents involved activity across multiple attack fronts and 70% spanned at least three vectors, underscoring coordinated, multidomain campaigns. Attackers move laterally across cloud, SaaS, IT and OT, exploiting identities, misconfigurations and vulnerabilities. The report recommends unified telemetry, AI-driven behavioral analytics and stronger identity controls to improve detection and accelerate response.
Wed, October 1, 2025
2025 Cybersecurity Reality Check: Attack Surface Focus
🔍 Bitdefender's 2025 assessment highlights rising secrecy after breaches, a widening leadership-to-frontline disconnect, and an urgent shift to shrink enterprise attack surfaces. The report, combining surveys of over 1,200 IT and security professionals across six countries and analysis of 700,000 incidents, shows 84% of high-severity attacks leverage Living Off the Land techniques. Organizations are prioritizing attack surface reduction and simplification to improve resilience and detection.
Wed, October 1, 2025
AWS DataSync Supports VPC Endpoint Policies and FIPS
🔒 AWS DataSync now supports VPC endpoint policies, enabling administrators to control access to DataSync API operations through VPC service endpoints, including FIPS 140-3 enabled endpoints. You can restrict specific actions such as CreateTask, StartTaskExecution, or ListAgents and combine these controls with identity-based and resource-based policies. The capability is available in all AWS Regions and helps strengthen security posture and compliance when accessing DataSync via VPC endpoints.
Tue, September 30, 2025
AWS Storage Gateway Adds VPC Endpoint Policy Support
🔒 AWS Storage Gateway now supports VPC endpoint policies, allowing administrators to attach fine-grained endpoint policies to VPC endpoints that control access to Storage Gateway direct APIs. Administrators can scope access by principal, action, and resource to reduce attack surface and enforce data protection controls. The capability is available in all Regions where Storage Gateway operates; review endpoint policies to align with your security and compliance requirements.
Mon, September 29, 2025
Security Hardening Essentials for Resource-Constrained SMBs
🔒 Security hardening boosts protection for organizations, especially SMBs, by reducing their attack surface without large additional investments. Key measures include strong authentication and authorization—enforcing strict passwords, multifactor authentication, least-privilege access and network access controls—alongside timely patching, data encryption and segmented, tested backups. Regular staff training, account audits and permission reviews complete a practical, low-cost defense posture.
Mon, September 29, 2025
Cloud Security Alliance Issues New SaaS Security Framework
🔐 The Cloud Security Alliance has published the SaaS Security Capability Framework (SSCF) to establish technical minimum requirements that help SaaS providers and customers apply Zero-Trust principles and address rising third-party risks highlighted by recent Salesforce attacks. The SSCF defines controls across six domains, including identity and access management, data lifecycle, and logging and monitoring, and translates business requirements into concrete, configurable security functions such as log forwarding, SSO enforcement and incident notification. CSA positions the SSCF as a complement to, not a replacement for, frameworks like ISO 27001, while vendors stress that continuous validation and operational implementation are essential to reduce real-world risk.
Mon, September 29, 2025
Agentic AI: A Looming Enterprise Security Crisis — Governance
⚠️ Many organizations are moving too quickly into agentic AI and risk major security failures unless boards embed governance and security from day one. The article argues that the shift from AI giving answers to AI taking actions changes the control surface to identity, privilege and oversight, and that most programs lack cross-functional accountability. It recommends forming an Agentic Governance Council, defining measurable objectives and building zero trust guardrails, and highlights Prisma AIRS as a platform approach to restore visibility and control.
Mon, September 29, 2025
Six Ways to Curb Security Tool Proliferation in Organizations
🛡️ Organizations facing security-tool sprawl should begin by inventorying controls and eliminating those that no longer map to business risk. Use automated analytics and dashboards to surface ineffective or redundant products, and prioritize tools that enable automation to consolidate alerts and workflows. Remove duplicate solutions—often introduced through acquisitions or silos—and move toward unified platforms while fostering continuous training so teams actually use and benefit from deployed tools.
Fri, September 26, 2025
Microsoft Offers Temporary Fix for Outlook Encrypted Email Errors
🔧 Microsoft is investigating a known issue that prevents users of the classic Outlook for Windows from opening OMEv2-encrypted emails sent from a different organization, producing the error message "Configuring your computer for Information Rights Management." As a temporary workaround, administrators can either exclude external users from Conditional Access requirements or enable cross-tenant trust for MFA claims in the Microsoft Entra admin center. Enabling cross-tenant trust is the recommended and easiest option, but both sending and receiving tenants must apply it for full cross-tenant compatibility.
Fri, September 26, 2025
Defending Against Credential Attacks with Hybrid Mesh
🔐 Credential-based attacks are at epidemic levels: the 2025 Verizon DBIR shows 22% of breaches begin with compromised credentials, and Check Point's External Risk Management saw leaked credential volumes rise 160% year-over-year. Attackers increasingly prefer to "log in" rather than "hack in," exploiting exposed passwords, tokens, API keys and OAuth abuse. The article recommends a hybrid mesh architecture that unifies identity, network, endpoint and cloud telemetry to apply context-aware, adaptive access controls, improved credential hygiene, and faster detection and response.
Fri, September 26, 2025
Okta Launches Identity Security Fabric for AI Agents
🔒 Okta introduced an Identity Security Fabric to secure AI agents and unify identity, application, and agent management across enterprises. The platform combines AI agent lifecycle management, a Cross App Access protocol, and Verifiable Digital Credentials (VDC) to enforce least privilege, discover and monitor agents, and replace fragmented point solutions. Early access features begin in fiscal 2027.
Thu, September 25, 2025
CSA launches SaaS Security Capability Framework (SSCF)
🔒 The Cloud Security Alliance has published the SaaS Security Capability Framework (SSCF), a standardized set of customer-facing security controls designed to reduce long-standing gaps in third-party risk management. SSCF defines minimum technical capabilities across six domains — including identity and access, data lifecycle, logging, and incident management — that vendors should expose under the Shared Responsibility Model. The framework is intended to add transparency and consistency to SaaS security, complementing business-focused standards such as ISO 27001, and aims to evolve into practical implementation guidance, auditing criteria, and a certification scheme.
Thu, September 25, 2025
Assessing Passkey Security: Benefits and Limitations
🔐 Passkeys replace passwords with public-key cryptography, keeping the private key on the user’s device while services retain only a public key. They prevent phishing, credential stuffing, and brute-force attacks, and are unlocked by local authentication such as biometrics or a PIN. FIDO research and high-profile moves by Microsoft and Aflac highlight improved convenience and reduced support costs, but device dependency, legacy compatibility, and implementation costs remain significant challenges.
Thu, September 25, 2025
Cloudflare Brings Enterprise Features to All Plans
🔐 Cloudflare announced it will make nearly every feature available for direct purchase on any plan, removing the previous distinction of “enterprise-only” capabilities. The rollout begins today with dashboard SSO, which is now accessible to all customers and supports GitHub social login; many Zero Trust features are available at no cost for up to 50 users. Over the next year Cloudflare will extend this self-service approach to additional capabilities, simplify billing and packaging, and reduce the need to involve sales or solutions engineers, while noting a few region-specific exceptions such as its China Network.
Thu, September 25, 2025
AI Coding Assistants Elevate Deep Security Risks Now
⚠️ Research and expert interviews indicate that AI coding assistants cut trivial syntax errors but increase more costly architectural and privilege-related flaws. Apiiro found AI-generated code produced fewer shallow bugs yet more misconfigurations, exposed secrets, and larger multi-file pull requests that overwhelm reviewers. Experts urge preserving human judgment, adding integrated security tooling, strict review policies, and traceability for AI outputs to avoid automating risk at scale.