All news with #secrets management tag

Tue, July 15, 2025

Securing Cloud Identity Infrastructure Through Collaboration

#Conference #HSM #IAM #Identity Threat Detection #JWT Weakness #Key Management #OAuth Misconfig #OIDC Misuse #Secrets Management #Token Exchange

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.

read more →

Thu, July 10, 2025

Accenture Cloud Buckets Exposed Sensitive Credentials

#Accenture #AWS S3 #Breach #Data Leak #Secrets Management

🔒 UpGuard discovered four publicly accessible AWS S3 buckets belonging to Accenture, exposing API keys, certificates, decryption keys, plaintext passwords, and customer data associated with the Accenture Cloud Platform. The discovery was made in mid-September 2017 and reported to Accenture, which secured the buckets the following day. Exposed artifacts included master KMS keys, VPN credentials, logs, and private signing keys that could enable impersonation and secondary attacks against clients.