
All news with #identity security tag

144 articles

Experts warn MFA alone won’t stop token phishing

🔐 Security researchers and agencies are warning that phishing campaigns are increasingly targeting Microsoft 365 OAuth device codes and access tokens to bypass multifactor authentication. New commercial services like Kali365 and older kits such as EvilTokens automate token capture, AI‑generated lures, and large-scale campaign management. The FBI and vendors urge admins to restrict device code flows, apply conditional access, monitor token misuse, and adopt identity‑centric controls beyond MFA.
read more →
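
The two controls the advisory above recommends, restricting the device code flow and watching for device-code sign-ins, can be exercised with a short script. This is an added example, not code from the CISO brief, the FBI advisory or Microsoft: the sign-in records are constructed to mirror the fields of the Microsoft Graph `signIn` resource (`authenticationProtocol` takes the value `deviceCode` for that flow), the app allowlist and policy name are assumptions, and the policy body targets the Conditional Access `authenticationFlows` condition.

```python
"""Flag device-code sign-ins in Microsoft Entra sign-in logs and build a
Conditional Access policy body that blocks the device code flow.

Added example (not from the brief or any vendor). SAMPLE_SIGNINS is
constructed to resemble Microsoft Graph signIn records; the allowlist of
apps expected to use device code and the policy display name are assumptions.
"""
from collections import defaultdict

# Constructed sample: three sign-ins, two of them via the device code flow.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "203.0.113.10",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "oAuth2"},
    {"userPrincipalName": "alice@contoso.example", "ipAddress": "198.51.100.7",
     "appDisplayName": "Microsoft Office", "authenticationProtocol": "deviceCode"},
    {"userPrincipalName": "bob@contoso.example", "ipAddress": "203.0.113.22",
     "appDisplayName": "Azure CLI", "authenticationProtocol": "deviceCode"},
]

# Apps for which a device-code sign-in is expected in this tenant (assumption).
DEVICE_CODE_ALLOWED_APPS = {"Azure CLI"}


def flag_device_code_signins(signins, allowed_apps=DEVICE_CODE_ALLOWED_APPS):
    """Return one alert per device-code sign-in to an app not on the allowlist.

    Each alert records whether the source IP also appears in the user's
    non-device-code sign-ins; a device-code sign-in from an address the user
    has never used otherwise deserves a closer look.
    """
    known_ips = defaultdict(set)
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            known_ips[s["userPrincipalName"]].add(s["ipAddress"])

    alerts = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue
        if s.get("appDisplayName") in allowed_apps:
            continue
        alerts.append({
            "user": s["userPrincipalName"],
            "app": s.get("appDisplayName"),
            "ip": s["ipAddress"],
            "ip_seen_in_normal_signins": s["ipAddress"] in known_ips[s["userPrincipalName"]],
        })
    return alerts


def device_code_block_policy(name="Block device code flow"):
    """Request body for POST /identity/conditionalAccess/policies (Microsoft Graph)
    that blocks the device code flow for all users and all cloud apps.
    It starts in report-only mode so legitimate CLI/headless use can be
    reviewed before enforcement."""
    return {
        "displayName": name,  # assumed name
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for alert in flag_device_code_signins(SAMPLE_SIGNINS):
        print(alert)
```

Run the policy in report-only mode first and use the sign-in review to extend the allowlist (service accounts, build agents) before switching the state to `enabled`.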

SageMaker domain management for Identity Center

🔒 Amazon SageMaker Unified Studio now supports domain management for both Identity Center and IAM-based domains outside the AWS Console. Administrators and data management teams can create and manage projects, configure workforce identity, administer users and permissions, and set networking properties. VPC configuration and account associations are consistent across domain types and available in all Regions where Unified Studio is offered.
read more →

Microsoft named Leader in workforce identity platforms

🔒 Microsoft announced it was recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving top scores for current offering and strategy. The post emphasizes the need to unify identity signals, access policies, and response workflows to reduce fragmentation and improve security. It highlights Microsoft Entra capabilities in ITDR, phishing-resistant authentication, access control, and identity verification. The article also stresses the growing importance of managing AI and non-human identities through continuous, context-aware enforcement.
read more →

Identity as the Primary Attack Surface Today

🔐 Modern breaches increasingly exploit identities rather than perimeter flaws. Cloud, SaaS, and hybrid work have dissolved traditional network borders, so attackers favor stolen credentials, session token replay, and OAuth consent phishing. MFA and perimeter controls remain important but can be bypassed through social engineering, reverse-proxy phishing, and misconfigured privileges. Organizations must elevate identity monitoring, enforce least privilege, and realign investments toward identity governance and contextual access controls.
read more →

When Identity Becomes the Primary Attack Path in the Cloud

🔐 This article examines how identities — user, machine, and AI agent credentials — have become primary attack paths across hybrid environments. It uses real-world examples like cached access keys and forgotten role assignments to show how isolated identity weaknesses chain into exploitable routes. The piece explains why traditional IGA and PAM tools miss these cross-boundary paths and calls for unified mapping of identity, permissions, and environment context to prevent breaches.
read more →

AWS Security Hub Adds Unused Identity Access Detection

🔐 AWS Security Hub now brings identity risk into the same unified console where central security teams manage threats, exposures, and posture findings. It detects unused IAM permissions, roles, and credentials across an AWS organization and correlates those identity findings with exposure context. When enabled, Security Hub automatically creates a service‑linked IAM Access Analyzer in each member account and evaluates 90 days of actual access activity. It also offers on‑demand recommended least‑privilege policies and is included in Security Hub Essentials at no additional cost.
read more →
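
The mechanism behind the unused-access findings and recommended policies above (compare 90 days of observed activity against what a role is allowed to do, then keep only what was used) is easy to reproduce on a small scale. The script below is an added example, not Security Hub's or IAM Access Analyzer's own implementation: the role policy and the per-action "last used" timestamps are constructed, and real action-level data would come from IAM last-accessed reports or CloudTrail. It goes slightly beyond the summary by narrowing a wildcard action (`dynamodb:*`) down to the actions actually observed.

```python
"""Trim an IAM policy to the actions observed in the last 90 days.

Added example; it mimics the idea behind unused-access findings and
recommended least-privilege policies rather than calling AWS. ROLE_POLICY
and LAST_USED are constructed data. Matching is simplified: Allow statements
only, action wildcards via fnmatch, no condition keys or NotAction handling.
"""
from datetime import datetime, timedelta, timezone
import fnmatch
import json

NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)  # fixed "now" keeps the example deterministic
UNUSED_AFTER = timedelta(days=90)                 # same window Security Hub evaluates

# Constructed: what the role is allowed to do today.
ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"],
         "Resource": "arn:aws:s3:::reports-bucket/*"},
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
    ],
}

# Constructed: last time each action was observed for this role.
LAST_USED = {
    "s3:GetObject": NOW - timedelta(days=2),
    "s3:PutObject": NOW - timedelta(days=120),   # outside the window
    "dynamodb:GetItem": NOW - timedelta(days=5),
    "dynamodb:Query": NOW - timedelta(days=30),
}


def recommend_policy(policy, last_used, now=NOW, window=UNUSED_AFTER):
    """Return (trimmed_policy, unused_actions).

    Every Allow action is kept only if some observed action within the window
    matches it; a wildcard is replaced by the concrete actions it matched.
    Statements that end up with no actions are dropped. Deny statements are
    passed through untouched.
    """
    cutoff = now - window
    used = {action for action, seen in last_used.items() if seen >= cutoff}

    statements, unused = [], []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            statements.append(st)
            continue
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        keep = []
        for pattern in actions:
            # IAM action matching is case-insensitive, so compare lower-cased.
            matches = sorted(u for u in used
                             if fnmatch.fnmatchcase(u.lower(), pattern.lower()))
            if matches:
                keep.extend(matches)
            else:
                unused.append(pattern)
        if keep:
            statements.append({**st, "Action": keep})
    return {"Version": policy["Version"], "Statement": statements}, unused


if __name__ == "__main__":
    recommended, unused = recommend_policy(ROLE_POLICY, LAST_USED)
    print("unused:", unused)
    print(json.dumps(recommended, indent=2))
```

The trimmed document is a starting point for review, not something to attach blindly: actions used less than once a quarter (a yearly audit export, a disaster-recovery restore) fall outside any fixed window, which is why the real service presents the result as a recommendation.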

Securing a Culture of Cultures: Microsoft Gaming Risks

🎮 In this Deputy CISO post, Aaron Zollman, Vice President and Deputy CISO for Gaming at Microsoft, outlines the distinct security demands of a global, diverse gaming ecosystem. He describes gaming as a “culture of cultures,” spanning platforms, independent studios, and shared studio central teams, each carrying unique risks from account takeover and IP theft to supply chain and regulatory challenges. Zollman stresses partnership over prescription—balancing enterprise-grade controls with low-latency player experiences and studio autonomy. The piece calls for layered defenses, identity governance, anomaly detection, and tailored baselines to protect billions of interactions while enabling creativity.
read more →

Agent AI Adoption Exposes Identity Gaps and Risks Now

⚠️ Orchid Security's Identity Gap: Snapshot 2026 reveals that unseen, unmanaged identity elements now exceed visible ones, with "identity dark matter" at 57% versus 43%. The report warns that rapid adoption of Agent AI amplifies risk because autonomous agents look for the most efficient access paths, often exploiting hard-coded or orphaned credentials and excessive privileges. Orchid urges strengthening identity and access management controls and using its readiness checklist to mitigate exposures.
read more →

Azure Files Entra-Only Identities Advance Cloud Security

🔐 Microsoft has reached general availability for Entra-Only identities for Azure Files SMB, enabling native Microsoft Entra ID authentication for SMB file shares using cloud-only identities. This eliminates the need for on-premises Active Directory, Entra Connect, or managed domain controllers, simplifying architecture and reducing operational overhead. Entra acts as the Kerberos Key Distribution Center (KDC), issuing Kerberos tickets while preserving SMB protocol compatibility, and supports VDI scenarios with FSLogix, Managed Identities, macOS clients, and NTFS ACL editing. The capability is supported across HDD and SSD shares, available at no extra cost, and is being extended to sovereign cloud regions.
read more →

Attackers Bypass Security Tools via Browser and Identity

🔒 Bridewell's Cyber Threat Intelligence Report 2026 warns that attackers are abandoning traditional malware for browser- and identity-focused techniques such as ClickFix, FileFix and ConsentFix that trick users into approving commands or authentication prompts. These tactics bypass endpoint controls and MFA because they operate within trusted workflows and are harder to detect. The firm urges stronger identity protection, user awareness and threat-informed defence.
read more →

Storm-2949: Identity Compromise Leads to Cloud Breach

🔐 Microsoft Threat Intelligence details how Storm-2949 converted targeted identity compromise into a broad cloud breach, exfiltrating data from Microsoft 365 and production workloads in Azure. The actor abused SSPR-based social engineering to bypass MFA, performed directory discovery via Graph API, and leveraged management-plane operations to retrieve Key Vault secrets and download large volumes of data. Organizations should adopt behavior-based detections such as Microsoft Defender and tighten RBAC and administrative controls to detect and mitigate similar identity-driven cloud attacks.
read more →

Regional Routing for AWS Access Portals with Vanity Domains

🌐 AWS outlines how to present a single, brand-aligned vanity entry point (for example, aws.mycompany.com) in front of IAM Identity Center multi-Region access portals. The approach uses Amazon Route 53 latency-based routing, Application Load Balancer 302 redirects, and optional Amazon ARC Region switches for automated failover while TLS is managed through AWS Certificate Manager. Traffic is directed to the nearest healthy regional portal and the vanity domain does not persist in the browser address bar.
read more →

Most Organizations Deploy AI Agents Despite Identity Risks

🔒 Semperis finds that 93% of global organizations use or plan to use AI agents for security tasks such as password resets and VPN access, while 92% report AI on endpoints with SSH and encryption key access. The survey of 1,100 organizations warns of over‑permissioned and abandoned 'zombie' non‑human identities that increase hijack risk. Semperis recommends treating agents as NHIs, enforcing least‑privilege, and improving observability and recovery readiness.
read more →

Palo Alto Launches Idira to Secure AI and Identities

🔒 Palo Alto Networks has unveiled Idira, an identity security platform designed to protect human users, machine identities, and autonomous AI agents by applying dynamic privilege controls across all identity types. The platform leverages Palo Alto’s integration of CyberArk and continuously discovers and enriches identities across SaaS, cloud, and developer environments. Idira elevates privileges only when required and revokes them immediately, aiming to close blind spots left by legacy IAM and PAM systems. Analysts say it targets gaps in offerings such as Auth0 and SailPoint but does not eliminate the need for layered security.
read more →

Idira: Democratizing Privilege Controls for Identity

🔐 Idira is Palo Alto Networks' next-generation identity security platform, unveiled at IMPACT following the company's integration with CyberArk. It discovers every human, machine and AI agent, inventories entitlements across network, cloud, endpoints and browsers, and evaluates whether access is necessary. Idira replaces standing accounts with dynamic, just-in-time privileges and automates continuous governance, shrinking the fragmentation that delays incident response. The platform embeds AI to surface risky entitlements and drive rapid remediation, while integrating with Strata, Cortex and Prisma to enforce controls where users and agents work.
read more →

Active Directory Certificate Services: Exploitation Risks

🔐 This Unit 42 report examines how misconfigured Active Directory Certificate Services (AD CS) components create high-impact attack surfaces that enable privilege escalation, identity impersonation, and persistent access. It details exploitation techniques—especially certificate template misconfigurations and shadow credential abuse—tools observed in the wild, and a five-phase adversary lifecycle. The report emphasizes behavioral detection, telemetry correlation, and mitigation guidance to help defenders close monitoring gaps.
read more →
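
One of the behavioral detections the report's emphasis on telemetry correlation points at: when an enrollee is allowed to supply the certificate subject, a request whose Subject Alternative Name names a different account than the requester is the signature of template-based impersonation. The script below is an added example, not from the Unit 42 report: the records are constructed to resemble Windows Security event 4887 (Certificate Services approved a certificate request) with its `Requester` and `Attributes` fields, and the domain, template names and accounts are made up. The requester-to-UPN mapping is an assumption; in a real pipeline you would resolve the actual UPN from the directory.

```python
"""Flag AD CS issuances where the enrollee-supplied SAN names another account.

Added example, not from the Unit 42 report. SAMPLE_EVENTS is constructed to
resemble Security event 4887; CA audit logging must be enabled for these
events to exist. The domain suffix and the DOMAIN\\user -> UPN mapping are
assumptions for the example.
"""
import re

# Constructed sample: three approved requests, one with a foreign UPN in the SAN.
SAMPLE_EVENTS = [
    {"EventID": 4887, "RequestId": 1041, "Requester": "CORP\\alice",
     "Attributes": "CertificateTemplate:User"},
    {"EventID": 4887, "RequestId": 1042, "Requester": "CORP\\svc-web",
     "Attributes": "CertificateTemplate:WebServerV2\r\nSAN:upn=administrator@corp.example"},
    {"EventID": 4887, "RequestId": 1043, "Requester": "CORP\\bob",
     "Attributes": "CertificateTemplate:VPNUser\r\nSAN:upn=bob@corp.example"},
]

SAN_UPN = re.compile(r"SAN:.*?upn=([^\s,&]+)", re.IGNORECASE)
TEMPLATE = re.compile(r"CertificateTemplate:([^\s]+)", re.IGNORECASE)


def requester_upn(requester, domain_suffix):
    """Map 'CORP\\alice' to 'alice@corp.example' (assumed mapping)."""
    return requester.split("\\")[-1].lower() + "@" + domain_suffix.lower()


def flag_san_mismatches(events, domain_suffix="corp.example"):
    """Return an alert for each approved request (event 4887) whose
    SAN UPN does not belong to the requesting account."""
    alerts = []
    for e in events:
        if e.get("EventID") != 4887:
            continue
        attrs = e.get("Attributes", "")
        san = SAN_UPN.search(attrs)
        if not san:
            continue  # no enrollee-supplied UPN: the CA filled the subject itself
        san_upn = san.group(1).lower()
        expected = requester_upn(e["Requester"], domain_suffix)
        if san_upn != expected:
            tmpl = TEMPLATE.search(attrs)
            alerts.append({
                "request_id": e["RequestId"],
                "requester": e["Requester"],
                "san_upn": san_upn,
                "template": tmpl.group(1) if tmpl else None,
            })
    return alerts


if __name__ == "__main__":
    for alert in flag_san_mismatches(SAMPLE_EVENTS):
        print(alert)
```

A hit like request 1042 (a service account obtaining a certificate for `administrator`) should be correlated with the template's configuration: if the template allows the enrollee to supply the subject and is valid for client authentication, the fix is on the template, and the issued certificate should be revoked rather than just the request investigated.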

SageMaker Unified Studio adds identity and user controls

🔐 Amazon announced new administration features for SageMaker Unified Studio that give administrators finer control over identity configuration and user management across both IAM and IAM Identity Center domain types. Administrators can now configure AWS IAM Identity Center for SSO onboarding, add IAM roles, users, and groups as project members, and manage domain users from a consolidated admin portal. For Identity Center domains, federated access through IAM roles now produces unique user sessions so collaborators sharing a role do not overwrite each other and actions remain auditable. These updates enable teams to use corporate IAM or IAM Identity Center identities consistently across domains and simplify collaboration and auditing in the Studio environment.
read more →

Day Zero Readiness: Operational Gaps That Break Response

🔒 Having an incident response retainer or a pre-approved external firm is not the same as being operationally ready. Readiness requires pre-provisioned accounts, validated permissions, and practiced workflows so responders can gain immediate visibility into identity, cloud, EDR, and logs. The guide prioritizes identity-first visibility, out-of-band communications, a designated incident manager, and pre-tested activation procedures to eliminate delays that allow attackers to deepen compromise.
read more →

AI Agents Inside Your Perimeter: Visibility & Control

🛡️ Analysts and Orchid Security warn that enterprises are deploying AI agents faster than governance can keep up, creating an invisible layer of "identity dark matter" that conventional IAM misses. Orchid Security inspects applications at the binary and configuration layer to discover agents, audit compliance, and locate static credentials. Its Ask Orchid assistant answers natural-language questions about active agents, NIST compliance, and credential risks, then recommends prioritized remediation. This in-application observability aims to close the structural gap in identity visibility and enforce purpose-bound, least-privilege controls.
read more →

AWS IAM raises quotas for common identity resources

🛡️ AWS Identity and Access Management (IAM) has raised maximum quotas for six resource types to help customers scale. Updated limits include customer managed policies, instance profiles, managed policies per role, role trust policy length, roles per account, and OpenID Connect providers. These changes give teams more flexibility to design IAM controls and support growing workloads. To request increases, use Service Quotas or AWS Support per region.
read more →