All news with #iam tag

Hidden Vulnerabilities in Project Management Tools: Backup

🛡️ Many organizations rely on SaaS project platforms such as Trello and Asana for daily operations, but native protections and short retention windows often leave critical data exposed. The piece highlights human error, misconfiguration, and targeted cyberattacks as leading causes of loss. It recommends adding a third‑party backup layer and presents FluentPro Backup as a solution offering continuous automated backups, granular restores, one‑click project recovery, and Azure‑backed security to ensure recoverability and auditability.

Storm-0501 Shifts to Cloud-Based Ransomware Tactics

🔒 Microsoft Threat Intelligence reports that financially motivated actor Storm-0501 has shifted from on‑premises endpoint encryption toward cloud‑native ransomware tactics emphasizing rapid data exfiltration, destruction of backups, and extortion. The actor leverages compromised Entra Connect sync accounts, DCSync, and hybrid‑joined devices to escalate to Global Administrator and gain full Azure control. In cloud environments they abuse Azure operations (listing storage keys, AzCopy exfiltration, snapshot and resource deletions) and create malicious federated domains for persistence and impersonation. Microsoft recommends hardening sync configurations, enforcing phishing‑resistant MFA, enabling Defender for Cloud and storage protections, and applying least‑privilege access controls.

Storm-0501 Debuts Brutal Hybrid Ransomware Chain Attack

🚨 Microsoft Threat Intelligence says financially motivated group Storm-0501 has refined a brutal hybrid ransomware chain that leverages hijacked privileged accounts to pivot from on‑prem Active Directory into Azure, exploiting visibility gaps to exfiltrate, encrypt, and mass‑delete cloud resources and backups. The actor used Evil‑WinRM for lateral movement and DCSync to harvest credentials, abused a non‑MFA synced global admin to reset passwords, and created a malicious federated domain for broad persistence. After exfiltration they deleted backups where possible, encrypted remaining cloud data, and initiated extortion via a compromised Microsoft Teams account. CISOs are urged to enforce least privilege, audit on‑prem assets, close cloud visibility gaps, and rehearse ransomware playbooks.

Cloudflare Introduces MCP Server Portals for Zero Trust

🔒 Cloudflare has launched MCP Server Portals in Open Beta to centralize and secure Model Context Protocol (MCP) connections between large language models and application backends. The Portals provide a single gateway where administrators register MCP servers and enforce identity-driven policies such as MFA, device posture checks, and geographic restrictions. They deliver unified visibility and logging, curated least-privilege user experiences, and simplified client configuration to reduce the risk of prompt injection, supply chain attacks, and data leakage.

CrowdStrike Named Leader in 2025 Exposure Management

🔒 CrowdStrike has been named a Leader in the 2025 IDC MarketScape for Exposure Management. Falcon Exposure Management delivers AI-native, real-time visibility and prioritization of exposures and attack paths across endpoint, cloud, identity and OT/IoT, helping teams focus on what adversaries can feasibly exploit. It unifies VM, ASM and CAASM capabilities and introduces Network Vulnerability Assessment for continuous discovery of unmanaged network devices without additional agents or hardware. Integrated exposure data is correlated across CrowdStrike Threat Graph, Intel Graph and Asset Graph to support faster, automated remediation.

Chinese Groups Escalate Cloud and Telecom Espionage

🛡️ CrowdStrike warns that China-linked groups Murky Panda, Genesis Panda, and Glacial Panda have intensified cloud and telecommunications espionage, abusing trusted cloud relationships and internet-facing appliances to gain access. The actors exploit N-day and zero-day flaws, deploy web shells, and steal cloud credentials to establish persistence with tools such as CloudedHope. Targets include government, technology, financial, and telecom sectors, with operations tailored to covert intelligence collection and long-term access.

Amazon Verified Permissions adds Cedar 4.5 support

🔒 Amazon Verified Permissions now supports Cedar 4.5, introducing the new is operator to enable type-based access checks. Developers can write policies that grant or deny access based on a resource’s declared type—for example, allowing administrators to view a resource only when it is an invoice in a petstore app. The update enhances Cedar’s type system, helps catch type-related errors earlier in policy development, and is available in all AWS Regions where the service runs; new and backward-compatible accounts have been automatically upgraded.

AWS auto-enables OpenAI open-weight models in Bedrock

🔓 AWS has made two OpenAI models with open weights — gpt-oss-120b and gpt-oss-20b — automatically available to all Amazon Bedrock users as of August 5, 2025. Users can access them immediately via the Amazon Bedrock console playground or the unified Bedrock API in supported regions. Administrators retain full control and can restrict usage with AWS IAM policies and Service Control Policies.

Amazon Managed Service for Prometheus Adds Resource Policies

🔒 Amazon Managed Service for Prometheus now supports resource-based policies on workspaces, allowing owners to specify which IAM principals can ingest metrics or run PromQL queries from other accounts. This removes the previous need to assume an IAM role in the workspace owner account for cross-account access. Workspace owners can attach policies to allow-list non-owner principals for Prometheus-compatible API actions, and the capability is available in all regions where the service is generally available.

Falcon Next-Gen Identity Security Unifies Protection

🔒 CrowdStrike announced Falcon Next-Gen Identity Security, a unified solution to protect human, non-human, and AI agent identities across on-premises, cloud, and SaaS environments. It consolidates initial access prevention, modern secure privileged access, identity threat detection and response (ITDR), SaaS identity security, and agentic identity protection into a single sensor and management console. Delivered via the AI-native Falcon platform, the offering provides real-time visibility, dynamic access enforcement, and autonomous response to reduce identity-driven breaches and simplify hybrid identity security.

Connect with Security Leaders at Microsoft Ignite 2025

🔒 Microsoft Security invites CISOs, SecOps leads, identity architects, and cloud security engineers to Microsoft Ignite 2025 in San Francisco (Nov 17–21) and online (Nov 18–21) to explore secure AI adoption and modern SecOps. Register with RSVP code ATXTJ77W to access the half-day Microsoft Security Forum (Nov 17), hands-on labs, live demos, and one-on-one meetings with experts. Attendees can join networking events including the Secure the Night party, pursue onsite Microsoft Security certifications, and engage in roundtables focused on threat intelligence, regulatory insights, and protecting data, identities, and infrastructure.

Dow's 125-Year Legacy: Innovating with AI for Security

🛡️ Dow is integrating AI into enterprise security through a strategic partnership with Microsoft, deploying Security Copilot and Microsoft 365 Copilot within its Cyber Security Operations Center. A cross-functional responsible AI team established principles and acceptable-use policies while assessing new AI risks. AI-driven tools are used to detect phishing and BEC, automate repetitive tasks, enrich tickets with contextual intelligence, and accelerate incident response. Apprentices leverage Copilot as a virtual mentor, shortening ramp time and enabling senior analysts to focus on proactive defense.

CISA Issues Emergency Directive for Microsoft Exchange

⚠️ CISA issued Emergency Directive 25-02 directing federal civilian agencies to immediately update and secure hybrid Microsoft Exchange environments to address a post-authentication privilege escalation vulnerability. The flaw, tracked as CVE-2025-53786, could allow an actor with administrative access on an Exchange server to escalate privileges and affect identities and administrative access in connected cloud services. CISA says it is not aware of active exploitation but mandates agencies implement vendor mitigation guidance and will monitor and support compliance. All organizations using hybrid Exchange configurations are urged to adopt the recommended mitigations.

BadSuccessor: dMSA Privilege Escalation in Windows Server

🔒 Unit 42 details BadSuccessor, a critical post-Windows Server 2025 attack vector that abuses delegated Managed Service Accounts (dMSAs) to escalate privileges in Active Directory. The write-up explains how attackers who can create or modify dMSAs may set msDS-ManagedAccountPrecededByLink and msDS-DelegatedMSAState to impersonate superseded accounts and obtain elevated rights. It provides practical detection guidance using Windows Security auditing and offers hunting queries and mitigation recommendations. Palo Alto Networks solutions such as Cortex XDR and XSIAM are highlighted as able to detect this activity when auditing is enabled.

Microsoft Bounty Program: $17M Distributed in 2025

🔒 The Microsoft Bounty Program distributed $17 million this year to 344 security researchers across 59 countries, marking the largest total payout in the program’s history. In partnership with the Microsoft Security Response Center (MSRC), researchers helped identify and remediate more than a thousand potential vulnerabilities across Azure, Microsoft 365, Windows, and other Microsoft products and services. The program also expanded coverage and awards for Copilot, identity and Defender scopes, Dynamics 365 & Power Platform AI categories, and refreshed Windows attack scenario incentives to prioritize high-impact research.

Zero Day Quest returns with up to $5M bounties for Cloud

🔒 Microsoft is relaunching Zero Day Quest with up to $5 million in total bounties for high-impact Cloud and AI security research. The Research Challenge runs 4 August–4 October 2025 and focuses on targeted scenarios across Azure, Copilot, Dynamics 365 and Power Platform, Identity, and M365. Eligible critical findings receive a +50% bounty multiplier, and top contributors may be invited to an exclusive live hacking event at Microsoft’s Redmond campus in Spring 2026. Participants will have access to training from the AI Red Team, MSRC, and product teams, and Microsoft will support transparent, responsible disclosure.

Amazon Engineer Exposed Credentials via Public GitHub Repo

🔒 UpGuard discovered a public GitHub repository on 13 January 2020 containing an Amazon Web Services engineer’s personal identity documents and numerous system credentials. The repository included AWS key pairs (including a file named rootkey.csv), API tokens, private keys, passwords, logs, and customer-related templates. UpGuard reported the exposure to AWS Security within hours and the repository was secured the same day. The incident highlights how rapid leak detection can prevent accidental disclosures from escalating.

Securing Cloud Identity Infrastructure Through Collaboration

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.

0ktapus Phishing Campaign Compromises 130+ Firms Worldwide

🔐 Researchers link a sprawling phishing campaign to the 0ktapus threat group, which spoofed Okta authentication pages and induced employees to submit credentials and MFA codes. The operation hit more than 130 organizations and led to 9,931 compromised accounts, with targeted activity against Twilio and Cloudflare staff. Group-IB reports 5,441 harvested MFA codes and urges URL vigilance, better password hygiene and adoption of FIDO2 security keys.