<ciso brief />

All news with #identity security tag

144 articles · page 2 of 8

The Fake IT Worker Threat CISOs Must Address Urgently

🛡️ Hiring fraud has produced thousands of fake IT workers who gain trusted access and create serious insider risks. Companies such as Amazon report coordinated attempts tied to state actors, while researchers like SentinelOne and vendors observe AI-enabled deepfakes, synthetic identities and stolen US credentials used to pass recruitment checks. Organizations must treat remote hiring as an access-control problem: strengthen identity screening, enforce staged trust, and deploy continuous post-hire telemetry and behavioral detection.

Threat Source: Prioritizing Identity and Legacy Risks

🔐 Hazel Burton summarizes Cisco Talos' Year in Review and outlines five critical priorities for defenders facing an increasingly automated threat landscape. While AI and accessible exploit code have lowered the barrier for attackers, adversaries still follow predictable patterns and reuse infrastructure, producing detectable anomalies. Defenders should treat identity infrastructure as a top-tier asset, secure MFA workflows with strict verification, prioritize patching by internet exposure, hunt long-tail legacy risks, and apply enhanced monitoring to management-plane systems to focus detection on anomalous post-login behavior and reduce alert fatigue.

Amazon OpenSearch Adds JWKS URL Support for JWT Auth

🔐 Amazon OpenSearch Service now supports configuring a JSON Web Key Set (JWKS) URL for JWT authentication. With a JWKS URL configured, OpenSearch domains automatically fetch and validate public keys from an identity provider’s JWKS endpoint, removing the need to manually manage static keys when providers rotate signing keys. The feature includes built-in security validation checks and clearer error messaging, requires OpenSearch version 3.3 or later, and can be configured via the console, AWS CLI, or the CreateDomain and UpdateDomainConfig APIs.

CISOs Rethink Identity as Agentic AI Raises Stakes

🛡️ Identity management is changing as AI agents introduce a new class of non‑human identities that can act, decide, and access resources at machine speed. Experts including Dustin Wilcox and Michael Adams recommend an identity-first security posture built on clean directories, enforced least privilege, and clear offboarding. They warn that legacy models and inventory processes won’t track proliferating tokens and agents, so organizations should catalog non‑human identities, assign ownership, and treat MFA as a baseline while moving toward phishing‑resistant methods and continuous verification.

Bridging the AI Agent Authority Gap with Observability

🔒 The contributor reframes AI agents as delegated identities rather than independent actors, arguing enterprises cannot safely govern agents without first governing the identities that delegate authority to them. The piece calls out pervasive "identity dark matter": unmanaged human and machine credentials that create hidden permissions and execution paths which agents can amplify. It recommends sequencing remediation: first illuminate and reduce identity dark matter across humans, bots, and service accounts, then feed continuous telemetry into a real‑time delegation authority engine. Orchid's continuous observability model is presented as that live feed, enabling dynamic decisions to allow, recommend, constrain, or block agent actions based on delegator posture, intent, application context, and scope.

Why Routine Password Resets Create Security Risks Explained

🔐 The article highlights that Forrester estimates each password reset costs roughly $70 and that self-service password reset (SSPR) tools have not eliminated helpdesk involvement. Attackers target resets to bypass MFA, as illustrated by the April 2025 Marks & Spencer incident tied to the Scattered Spider group, which began with a social-engineered reset and escalated to NTDS.dit extraction and ransomware. It recommends identity verification tools such as Specops Secure Service Desk, strong single-use temporary credentials, monitoring of reset activity, and clearer helpdesk procedures to reduce risk.

NCSC Endorses Passkeys as Default Consumer Login Option

🔐 The UK’s National Cyber Security Centre (NCSC) now recommends passkeys as the preferred sign-in method for consumers, advising passwords only when passkeys are unavailable. This follows a year of collaboration with the FIDO Alliance, observed improvements across the passkey ecosystem and successful NHS deployments. The NCSC also urges businesses to adopt passkeys as the default and to use single sign-on (SSO) where possible, with additional business guidance expected.

SageMaker Studio Enables IAM Identity Center Multi-Region

🌐 Amazon SageMaker now supports multi-region replication from IAM Identity Center (IdC), allowing administrators to deploy SageMaker Unified Studio domains in regions separate from their IdC instance. This capability preserves centralized single sign-on while enabling data residency and sovereignty controls. It is aimed at enterprise and regulated customers who need to process sensitive data in specific jurisdictions without fragmenting identity management.

Identity: The New Foundation of Digital Transformation

🔐 Identity-centric systems have evolved from simple login mechanisms into the operational backbone of digital enterprises. By replacing the old network perimeter with a person- and device-centric model, modern identity frameworks enable fine-grained access control, real-time authorization and auditable accountability across cloud, mobile and distributed workforces. They also power customer personalization and fraud detection, helping teams move faster while reducing operational and security risk.

Five Ways Zero Trust Strengthens Identity Security

🔐 This sponsored article from Specops Software explains five practical ways Zero Trust reduces identity-related risk by centering access controls on verified identities and device posture. It emphasizes least privilege, continuous context-aware authentication tied to device health, and strict segmentation to limit lateral movement. The piece spotlights Specops Device Trust as an example of binding identity to compliant devices and recommends prioritizing phishing-resistant MFA and device checks when starting a Zero Trust rollout.

Five Ways to Strengthen Identity Security and Resilience

🔒 This article outlines five practical steps to harden identity security across human, machine, and workload identities and to build attack resilience through least privilege and continuous validation. It recommends prioritizing MFA for high‑privilege accounts, deploying PAM to control administrative access, inventorying all identity types, and establishing real‑time behavior validation. The guidance emphasizes quick wins—enforce MFA for privileged users immediately and expand to all users within 30 days—to reduce credential‑based breaches and limit lateral movement.

Webinar: Closing Identity Gaps Amid AI-Driven Risk

🔒 The Hacker News is hosting a webinar that examines why identity programs can advance while enterprise risk rises. New Ponemon Institute research finds hundreds of applications remain disconnected from centralized identity, creating an unmanaged dark matter attack surface that AI agents now exploit. Join experts Mike Fitzpatrick and Matt Chiodi for tactical guidance to measure, prioritize, and close identity gaps.

AWS Managed Microsoft AD Adds Multi-Region in Opt-In Regions

🔁 AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) now supports Multi-Region replication in AWS Opt-In regions. The automated feature deploys domain controllers across Availability Zones per region, handles inter-region networking, and replicates users, groups, Group Policy Objects, and schema to maintain a single authoritative directory. It configures an Active Directory site per region to optimize authentication performance and reduce cross-region transfer costs; availability excludes the Middle East (UAE) and Middle East (Bahrain) regions and pricing is hourly per domain controller plus data transfer.

Critical Infrastructure Threats: Identity, Persistence

🔐 Microsoft Threat Intelligence warns that the cyber threat to critical infrastructure has shifted from opportunistic data theft to long-term, identity-driven persistence aimed at operational disruption. Hybrid IT–OT architectures, cloud-based identity, and exposed remote services enable adversaries—including nation-state actors—to establish low-visibility footholds using living-off-the-land techniques and valid credentials. Microsoft recommends continuous readiness, reducing exposure, and validating defenses through proactive compromise assessments to detect active or dormant intrusions before they are activated.

Categorizing AI Agents to Prioritize Enterprise Risk

🛡️ AI agents are shifting enterprise automation from passive assistants to autonomous actors, creating new security challenges centered on access, autonomy, and identity governance. The article groups agents into three types—agentic chatbots, local agents, and production agents—and outlines how each carries distinct operational capabilities and risk profiles. For CISOs, the immediate priority is discovering and governing agent identities, limiting over-permissioned access, and aligning permissions with an agent’s intended purpose.

Talos Year in Review: Identity, Vulnerabilities, and Trends

🔒 The Talos 2025 Year in Review synthesizes Cisco telemetry, incident response cases, and Talos research into a free, cross‑functional report highlighting identity-focused attacks, supply‑chain risks, and phishing trends. Key findings include React2Shell as the most targeted CVE, ToolShell ranking third, and Qilin as the dominant ransomware variant. The report warns that attackers increasingly compromise network infrastructure — especially ADCs and management platforms — to bypass MFA and escalate across environments, and recommends prioritizing patching and treating these devices as identity control points.

Identity Security: The New Pressure Point in Cyberattacks

🔐 Microsoft argues that identity is the primary pressure point for modern cyberattacks as organizations manage proliferating human, non-human, and agentic identities across disparate systems. The post highlights that fragmentation—duplicative solutions and too many vendors—creates visibility gaps that enable lateral movement. It outlines a unified model built on Microsoft Entra, a real-time identity control plane including Conditional Access, and integrated threat protection, and describes AI-driven triage with Security Copilot to accelerate response and reduce analyst fatigue.

Hackers Exploit Identity Systems at Industrial Scale

🔐 The SentinelOne Annual Threat Report for 2026 warns that attackers are executing identity-based compromises at industrial scale, abusing legitimate enterprise accounts and identity systems. These intrusions often bypass or subvert MFA — including through readily available MFA-bypass kits and coercive push attacks — leaving traditional defenses blind. The report also highlights fake-persona recruitment campaigns, including deepfake-enabled interviews, and warns of administrative account takeovers that can disable MFA organization-wide.

Zero Trust: Bridging Authentication and Device Trust

🔒 The perimeter model has broken down as workforces go hybrid, and many Zero Trust deployments miss a key link between identity and session authorization. Specops Device Trust argues that authentication must be contextualized with real-time device posture checks to prevent token theft and session hijacking. Binding identity to a verified device and continuous monitoring lets organizations enforce dynamic, low-friction policies that reduce risk.

Gartner Market Guide Marks Emergence of Guardian Agents

🔒 Gartner's inaugural Market Guide for Guardian Agents defines a new enterprise control layer that supervises AI agents to keep their actions aligned with organizational goals and boundaries. The article stresses risks from unmanaged non-human identities—so-called identity dark matter—and lists mandatory capabilities across visibility, continuous assurance, and runtime enforcement. It urges enterprises to adopt an enterprise-owned guardian layer rather than relying solely on platform-native controls.