< ciso
brief />
Tag Banner

All news with #identity security tag

168 articles · page 3 of 9

SageMaker Unified Studio adds identity and user controls

🔐 Amazon announced new administration features for SageMaker Unified Studio that give administrators finer control over identity configuration and user management across both IAM and IAM Identity Center domain types. Administrators can now configure AWS IAM Identity Center for SSO onboarding, add IAM roles, users, and groups as project members, and manage domain users from a consolidated admin portal. For Identity Center domains, federated access through IAM roles now produces unique user sessions so collaborators sharing a role do not overwrite each other and actions remain auditable. These updates enable teams to use corporate IAM or IAM Identity Center identities consistently across domains and simplify collaboration and auditing in the Studio environment.
read more →

Day Zero Readiness: Operational Gaps That Break Response

🔒 Having an incident response retainer or a pre-approved external firm is not the same as being operationally ready. Readiness requires pre-provisioned accounts, validated permissions, and practiced workflows so responders can gain immediate visibility into identity, cloud, EDR, and logs. The guide prioritizes identity-first visibility, out-of-band communications, a designated incident manager, and pre-tested activation procedures to eliminate delays that allow attackers to deepen compromise.
read more →

AI Agents Inside Your Perimeter: Visibility & Control

🛡️ Analysts and Orchid Security warn that enterprises are deploying AI agents faster than governance can keep up, creating an invisible layer of "identity dark matter" that conventional IAM misses. Orchid Security inspects applications at the binary and configuration layer to discover agents, audit compliance, and locate static credentials. Its Ask Orchid assistant answers natural-language questions about active agents, NIST compliance, and credential risks, then recommends prioritized remediation. This in-application observability aims to close the structural gap in identity visibility and enforce purpose-bound, least-privilege controls.
read more →

AWS IAM raises quotas for common identity resources

🛡️ AWS Identity and Access Management (IAM) has raised maximum quotas for six resource types to help customers scale. Updated limits include customer managed policies, instance profiles, managed policies per role, role trust policy length, roles per account, and OpenID Connect providers. These changes give teams more flexibility to design IAM controls and support growing workloads. To request increases, use Service Quotas or AWS Support per region.
read more →

The Fake IT Worker Threat CISOs Must Address Urgently

🛡️ Hiring fraud has produced thousands of fake IT workers who gain trusted access and create serious insider risks. Companies such as Amazon report coordinated attempts tied to state actors, while researchers like SentinelOne and vendors observe AI-enabled deepfakes, synthetic identities and stolen US credentials used to pass recruitment checks. Organizations must treat remote hiring as an access-control problem: strengthen identity screening, enforce staged trust, and deploy continuous post-hire telemetry and behavioral detection.
read more →

Threat Source: Prioritizing Identity and Legacy Risks

🔐 Hazel Burton summarizes Cisco Talos' Year in Review and outlines five critical priorities for defenders facing an increasingly automated threat landscape. While AI and accessible exploit code have lowered the barrier for attackers, adversaries still follow predictable patterns and reuse infrastructure, producing detectable anomalies. Defenders should treat identity infrastructure as a top-tier asset, secure MFA workflows with strict verification, prioritize patching by internet exposure, hunt long-tail legacy risks, and apply enhanced monitoring to management-plane systems to focus detection on anomalous post-login behavior and reduce alert fatigue.
read more →

Amazon OpenSearch Adds JWKS URL Support for JWT Auth

🔐 Amazon OpenSearch Service now supports configuring a JSON Web Key Set (JWKS) URL for JWT authentication. With a JWKS URL configured, OpenSearch domains automatically fetch and validate public keys from an identity provider’s JWKS endpoint, removing the need to manually manage static keys when providers rotate signing keys. The feature includes built-in security validation checks and clearer error messaging, requires OpenSearch version 3.3 or later, and can be configured via the console, AWS CLI, or the CreateDomain and UpdateDomainConfig APIs.
read more →

CISOs Rethink Identity as Agentic AI Raises Stakes

🛡️ Identity management is changing as AI agents introduce a new class of non‑human identities that can act, decide, and access resources at machine speed. Experts including Dustin Wilcox and Michael Adams recommend an identity-first security posture built on clean directories, enforced least privilege, and clear offboarding. They warn that legacy models and inventory processes won’t track proliferating tokens and agents, so organizations should catalog non‑human identities, assign ownership, and treat MFA as a baseline while moving toward phishing‑resistant methods and continuous verification.
read more →

Bridging the AI Agent Authority Gap with Observability

🔒 The contributor reframes AI agents as delegated identities rather than independent actors, arguing enterprises cannot safely govern agents without first governing the identities that delegate authority to them. It calls out pervasive "identity dark matter"—unmanaged human and machine credentials that create hidden permissions and execution paths which agents can amplify. The piece recommends sequencing remediation: first illuminate and reduce identity dark matter across humans, bots, and service accounts, then feed continuous telemetry into a real‑time delegation authority engine. Orchid's continuous observability model is presented as that live feed, enabling dynamic decisions to allow, recommend, constrain, or block agent actions based on delegator posture, intent, application context, and scope.
read more →

Why Routine Password Resets Create Security Risks Explained

🔐 The article highlights that Forrester estimates each password reset costs roughly $70 and that self-service password reset (SSPR) tools have not eliminated helpdesk involvement. Attackers target resets to bypass MFA, as illustrated by the April 2025 Marks & Spencer incident tied to the Scattered Spider group, which began with a social-engineered reset and escalated to NTDS.dit extraction and ransomware. It recommends identity verification tools such as Specops Secure Service Desk, strong single-use temporary credentials, monitoring of reset activity, and clearer helpdesk procedures to reduce risk.
read more →

NCSC Endorses Passkeys as Default Consumer Login Option

🔐 The UK’s National Cyber Security Centre (NCSC) now recommends passkeys as the preferred sign-in method for consumers, advising passwords only when passkeys are unavailable. This follows a year of collaboration with the FIDO Alliance, observed improvements across the passkey ecosystem and successful NHS deployments. The NCSC also urges businesses to adopt passkeys as the default and to use single sign-on (SSO) where possible, with additional business guidance expected.
read more →

SageMaker Studio Enables IAM Identity Center Multi-Region

🌐 Amazon SageMaker now supports multi-region replication from IAM Identity Center (IdC), allowing administrators to deploy SageMaker Unified Studio domains in regions separate from their IdC instance. This capability preserves centralized single sign-on while enabling data residency and sovereignty controls. It is aimed at enterprise and regulated customers who need to process sensitive data in specific jurisdictions without fragmenting identity management.
read more →

Identity: The New Foundation of Digital Transformation

🔐 Identity-centric systems have evolved from simple login mechanisms into the operational backbone of digital enterprises. By replacing the old network perimeter with a person- and device-centric model, modern identity frameworks enable fine-grained access control, real-time authorization and auditable accountability across cloud, mobile and distributed workforces. They also power customer personalization and fraud detection, helping teams move faster while reducing operational and security risk.
read more →

Five Ways Zero Trust Strengthens Identity Security

🔐 This sponsored article from Specops Software explains five practical ways Zero Trust reduces identity-related risk by centering access controls on verified identities and device posture. It emphasizes least privilege, continuous context-aware authentication tied to device health, and strict segmentation to limit lateral movement. The piece spotlights Specops Device Trust as an example of binding identity to compliant devices and recommends prioritizing phishing-resistant MFA and device checks when starting a Zero Trust rollout.
read more →

Five Ways to Strengthen Identity Security and Resilience

🔒 This article outlines five practical steps to harden identity security across human, machine, and workload identities and to build attack resilience through least privilege and continuous validation. It recommends prioritizing MFA for high‑privilege accounts, deploying PAM to control administrative access, inventorying all identity types, and establishing real‑time behavior validation. The guidance emphasizes quick wins—enforce MFA for privileged users immediately and expand to all users within 30 days—to reduce credential‑based breaches and limit lateral movement.
read more →

Webinar: Closing Identity Gaps Amid AI-Driven Risk

🔒 The Hacker News is hosting a webinar that examines why identity programs can advance while enterprise risk rises. New Ponemon Institute research finds hundreds of applications remain disconnected from centralized identity, creating an unmanaged dark matter attack surface that AI agents now exploit. Join experts Mike Fitzpatrick and Matt Chiodi for tactical guidance to measure, prioritize, and close identity gaps.
read more →

AWS Managed Microsoft AD Adds Multi-Region in Opt-In Regions

🔁 AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) now supports Multi-Region replication in AWS Opt-In regions. The automated feature deploys domain controllers across Availability Zones per region, handles inter-region networking, and replicates users, groups, Group Policy Objects, and schema to maintain a single authoritative directory. It configures an Active Directory site per region to optimize authentication performance and reduce cross-region transfer costs; availability excludes the Middle East (UAE) and Middle East (Bahrain) regions and pricing is hourly per domain controller plus data transfer.
read more →

Critical Infrastructure Threats: Identity, Persistence

🔐 Microsoft Threat Intelligence warns that the cyber threat to critical infrastructure has shifted from opportunistic data theft to long-term, identity-driven persistence aimed at operational disruption. Hybrid IT–OT architectures, cloud-based identity, and exposed remote services enable adversaries—including nation-state actors—to establish low-visibility footholds using living-off-the-land techniques and valid credentials. Microsoft recommends continuous readiness, reducing exposure, and validating defenses through proactive compromise assessments to detect active or dormant intrusions before they are activated.
read more →

Categorizing AI Agents to Prioritize Enterprise Risk

🛡️ AI agents are shifting enterprise automation from passive assistants to autonomous actors, creating new security challenges centered on access, autonomy, and identity governance. The article groups agents into three types—agentic chatbots, local agents, and production agents—and outlines how each carries distinct operational capabilities and risk profiles. For CISOs, the immediate priority is discovering and governing agent identities, limiting over-permissioned access, and aligning permissions with an agent’s intended purpose.
read more →

Talos Year in Review: Identity, Vulnerabilities, and Trends

🔒 The Talos 2025 Year in Review synthesizes Cisco telemetry, incident response cases, and Talos research into a free, cross‑functional report highlighting identity-focused attacks, supply‑chain risks, and phishing trends. Key findings include React2Shell as the most targeted CVE, ToolShell ranking third, and Qilin as the dominant ransomware variant. The report warns that attackers increasingly compromise network infrastructure — especially ADCs and management platforms — to bypass MFA and escalate across environments, and recommends prioritizing patching and treating these devices as identity control points.
read more →