All news with #oidc misuse tag

Mon, July 21, 2025

Beyond IAM Access Keys: Modern AWS Authentication Approaches

#AWS #CI/CD Security #IAM Roles #OIDC Misuse

🔐 This AWS Security Blog post explains why long-term IAM access keys introduce exposure and operational risk, and outlines practical, more secure alternatives. It recommends browser-based CloudShell for CLI access, IAM Identity Center (with AWS CLI v2 and MFA) and IDE integrations for developer workflows, and IAM roles for compute and CI/CD. The post also covers external access options, emphasizes temporary credentials, and urges the principle of least privilege.

read more →

Tue, July 15, 2025

Securing Cloud Identity Infrastructure Through Collaboration

#Conference #HSM #IAM #Identity Threat Detection #JWT Weakness #Key Management #OAuth Misconfig #OIDC Misuse #Secrets Management #Token Exchange

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.