All news with #iam tag

Tue, September 16, 2025

AI-Powered ZTNA Protects the Hybrid Future and Agility

🔒 Enterprises face a paradox: AI promises intelligent, automated access control, but hybrid complexity and legacy systems are blocking adoption. Teams report being buried in manual policy creation, vendor integrations and constant firefighting despite mature platforms like Palo Alto Networks, Netskope and Zscaler. AI-driven ZTNA shifts the model from policy-first to behavior-first, building behavioral baselines that generate context-aware policies and can wrap legacy apps without invasive changes. Success requires operational bandwidth, reliable data and a mindset shift to treat access control as a business enabler rather than a compliance burden.

Mon, September 15, 2025

AWS Organizations adds Account State field for members

🛈 AWS Organizations introduces a new State field in the console and APIs (DescribeAccount, ListAccounts, ListAccountsForParent) to provide more granular lifecycle visibility for member accounts. The console Status field has been replaced by State, while both Status and State remain available in APIs until September 9, 2026. New state values include SUSPENDED, PENDING_CLOSURE, and CLOSED (within the 90-day reinstatement window). Customers should update account vending pipelines and governance integrations to reference State before the Status deprecation date.

Mon, September 15, 2025

VoidProxy Phishing Framework Bypasses MFA for SSO Logins

🔒 Okta threat researchers have identified a Phishing-as-a-Service called VoidProxy that leverages Adversary-in-the-Middle techniques to capture usernames, passwords, MFA codes and session cookies from Microsoft, Google and several SSO providers. The service uses compromised email service provider accounts, URL shorteners, Cloudflare Workers and disposable domains to evade detection and takedown. Victim credentials and session tokens are proxied to legitimate services, allowing attackers to reuse valid session cookies. Okta warns legacy methods such as SMS and OTP are especially vulnerable to this attack.

Mon, September 15, 2025

Five Trends Reshaping IT Security Strategies in 2025

🔒 Cybersecurity leaders report the mission to defend organizations is unchanged, but threats, technology and operating pressures are evolving rapidly. Five trends — shrinking or stagnating budgets, AI-enabled attacks, the rise of agentic AI, accelerating business speed, and heightened vendor M&A — are forcing changes in strategy. CISOs are simplifying tech stacks, increasing automation and outsourcing, and deploying AI for detection and response while wrestling with new authentication/authorization gaps. Vendor viability and consolidation now factor into resilience planning.

Thu, September 11, 2025

Amazon Athena adds SSO support for JDBC and ODBC drivers

🔐 Amazon Athena now supports single sign-on for its JDBC and ODBC drivers using AWS IAM Identity Center’s trusted identity propagation. With updated drivers (JDBC 3.6.0 and ODBC 2.0.5.0), analysts can connect from third‑party BI tools and SQL clients using corporate credentials while Lake Formation permissions are enforced and actions are logged. This removes the need for embedded credentials, simplifies identity‑based data governance, and streamlines access management across tools.

Wed, September 10, 2025

Top Cybersecurity Trends: AI, Identity, and Threats

🤖 Generative AI remains the dominant force shaping enterprise security priorities, but the initial hype is giving way to more measured ROI scrutiny and operational caution. Analysts say gen AI is entering a trough of disillusionment even as vendors roll out agentic AI offerings for autonomous threat detection and response. The article highlights rising risks — from model theft and data poisoning to AI-enabled vishing — along with brisk M&A activity, a shift to identity-centric defenses, and growing demand for specialized cyber roles.

Tue, September 9, 2025

Dataproc Multi-Tenant Clusters for Notebook Workloads

🚀 Google Cloud announced Dataproc multi-tenant clusters to let many data scientists share a single cluster for interactive notebook workloads while preserving per-user authorization. The feature maps individual Google identities to service accounts, externalizes mappings to a YAML file, and supports updates on running clusters. Jupyter kernels launch via the Jupyter Kernel Gateway across worker nodes, with optional Vertex AI Workbench integration and the BigQuery JupyterLab Extension. Administrators retain IAM-based least-privilege control and cluster hardening isolates credentials and OS users.

Mon, September 8, 2025

Remote Access Abuse Signals Major Pre-Ransomware Risk

🔒 Cisco Talos finds abuses of remote access software and services are the most common pre-ransomware indicator, with threat actors leveraging legitimate tools such as RDP, PsExec, PowerShell and remote-support apps like AnyDesk and Microsoft Quick Assist. The report highlights credential dumping (for example, Mimikatz) and network discovery as other frequent TTPs. It recommends rapid response, MFA, application allowlisting and enhanced endpoint monitoring to limit ransomware execution.

Mon, September 8, 2025

Stopping Ransomware Before It Starts: Pre-Ransomware Insights

🔒 Cisco Talos Incident Response (Talos IR) analyzed pre-ransomware engagements from January 2023 through June 2025 to determine which controls most often prevented ransomware deployment. Rapid engagement with incident responders and near-immediate action on EDR/MDR alerts were the two strongest correlates of stopping encryption. Talos found that aggressive blocking and quarantine settings, strict identity and privilege controls, improved logging, and early notifications from partners materially increased the chance of eviction before encryption. The guidance focuses on securing remote services, credential protection, application allowlisting, and network segmentation.

Mon, September 8, 2025

Onboarding Attacks: When Fake Hires Become Insider Threats

🔐 Attackers are increasingly bypassing email defenses by infiltrating organizations through the hiring process, as in the 'Jordan' example where a bogus hire gained broad access on day one. Remote recruiting, AI-generated profiles and deepfakes have turned identity into the new perimeter, undermining traditional vetting. Adopting zero standing privileges—with JIT/JEP, strict baselines and comprehensive auditing—and tools such as BeyondTrust Entitle can remove persistent access and automate time‑bound, auditable privilege grants.

Fri, September 5, 2025

AWS Config Tracks Resource Tags for IAM Policies Globally

🔍 AWS Config now records resource tags for IAM policy resource types, enabling you to capture tag values and track their changes directly in your Config recorder. You can scope both Config-managed and custom rule evaluations by tag and use Config aggregators to selectively collect IAM policies across accounts. This capability is available in all supported AWS Regions at no additional cost.

Thu, September 4, 2025

Amazon Neptune Adds Public Endpoints for Developers

🌐 Amazon Neptune now supports Public Endpoints, enabling developers to connect to Neptune clusters directly from development desktops without VPNs, bastion hosts, or complex network setups. The capability can be enabled for new or existing clusters running engine version 1.4.6 or later via the AWS Console, CLI, or SDK. Security is maintained using IAM authentication, VPC security groups, and encryption in transit. The feature is available at no additional cost in all Regions where Neptune is offered.

Wed, September 3, 2025

Zero Trust Implementation Remains a Major CISO Challenge

🔐 According to an Accenture report, 88% of security leaders say they face significant difficulties implementing Zero Trust, and 80% cannot effectively protect cyber-physical systems. Other industry studies show mixed adoption—Gartner found 63% with full or partial strategies in 2024, while Entrust reports Germany lags at 53%. Experts point to divergent definitions, legacy systems, cultural resistance to the "never trust, always verify" model, poor visibility into data flows, and misaligned incentives as core obstacles; many argue the effort is strategic, lengthy, and requires top-down leadership.

Wed, September 3, 2025

Amazon SageMaker Adds Restricted Classification Terms

🔒 Amazon SageMaker Catalog now supports governed classification using Restricted Classification Terms, enabling catalog administrators to mark sensitive glossary terms so only authorized users or projects can apply them to assets. Administrators grant usage through explicit policies and group membership, allowing centralized governance teams to control labels like Seller-MCF or PII. The capability is available in all regions that support SageMaker Unified Studio; consult the user guide to get started.

Wed, September 3, 2025

A CISO’s Guide to Monitoring the Dark Web Effectively

🔍 Dark web monitoring gives CISOs timely, actionable intelligence that can reveal breaches, stolen credentials, and early indicators of ransomware campaigns. Continuous visibility into forums, marketplaces, and leak sites helps detect initial access brokers, stealer logs, and items like RDP/VPN access being sold, enabling rapid containment and credential revocation. Use platforms such as SpyCloud and DarkOwl, subscribe to threat feeds and ISACs, and augment with deception (honeypots, canary tokens) while integrating findings into SIEM/XDR and incident response playbooks.

Tue, September 2, 2025

Hackers Breach Fintech Firm in Attempted $130M Pix Heist

🔐 Evertec disclosed that hackers breached its Brazilian subsidiary Sinqia S.A.'s environment on the Central Bank real-time payment system Pix on August 29, 2025, and attempted unauthorized transactions totaling up to $130 million. Sinqia halted Pix transaction processing and retained external cybersecurity forensics experts to investigate and contain the incident. The Central Bank revoked Sinqia’s Pix access while recovery efforts continue and part of the funds has been recovered; Evertec reports no evidence of exposed personal data and attributes the intrusion to stolen credentials from an IT vendor account.

Tue, September 2, 2025

88% of CISOs Struggle to Implement Zero Trust Programs

🔒 An Accenture report finds 88% of security leaders face significant challenges implementing zero trust. Respondents point to varying definitions, broad deployment scope across on-prem, cloud, IoT and legacy systems, poor visibility into data flows and device/user state, and resistance from business units. Experts recommend phased, use-case-driven rollouts and strong executive sponsorship, while noting meaningful programs can take years and may never be fully complete.

Fri, August 29, 2025

Microsoft to Enforce MFA for Azure Resource Management

🔐 Starting October 1, 2025, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect tenants from unauthorized access. The change, part of its Secure Future Initiative, will be rolled out gradually across public cloud tenants and covers Azure CLI, PowerShell, SDKs, REST APIs, IaC tools, the Azure mobile app, and automation that uses user identities. To prevent disruptions Microsoft recommends updating Azure CLI to 2.76+ and Azure PowerShell to 14.3+; global administrators may postpone enforcement until July 2026.

Fri, August 29, 2025

Amazon Verified Permissions Adds Four New AWS Regions

🔒 Amazon Verified Permissions is now available in Asia Pacific (Taipei), Asia Pacific (Thailand), Asia Pacific (Malaysia), and Mexico (Central), expanding regional coverage to 35 AWS Regions. The managed service provides scalable, fine-grained authorization using the open-source Cedar policy language, enabling applications to enforce permissions as policies rather than embedding them in code. Developers and administrators can define role-, attribute-, and context-aware access controls for APIs and application resources, simplifying authorization and improving governance.

Fri, August 29, 2025

Nine Common Mistakes That Can Cost CISOs Their Jobs

🔒 This article outlines nine critical errors that can cost CISOs their positions, based on input from several industry leaders. It highlights risks such as overconfidence, unnecessary complexity, weak Governance, Risk & Compliance programs, and poor alignment with business priorities. The piece stresses practical prevention: prioritize access control and identity management, address the human factor, shrink stale data, break down silos, and avoid complacency to reduce breach risk and maintain executive trust.
