#identitysecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #identitysecurity, aggregated by home.social.
-
🚨 Most people think red teaming is about exploits.
It’s not.
The most effective attacks today don’t start with vulnerabilities —
they start with **trust**.
Modern environments are cloud-heavy, identity-driven, and full of SaaS integrations. In these systems, attackers don’t always need to “break in.”
They move quietly through:
• Over-permissioned identities
• Weak approval workflows
• Misconfigured cloud roles
• OAuth tokens and API access
• Human behavior under pressure
• Business processes no one questions
This is what I’ve been studying and calling the **Quiet Kill Chain** —
a sequence of legitimate-looking actions that, when chained together, become an attack path.
No loud exploits.
No obvious malware.
Just normal activity… used the wrong way.
## What changes at an advanced level?
You stop asking:
“What exploit should I use?”
And start asking:
• Where does this system trust too easily?
• Which action would look completely normal?
• What would defenders ignore?
• How can I blend into business operations?
Because the strongest intrusion today is not the one that is invisible.
It’s the one that looks **legitimate**.
## My takeaway
Offensive security is shifting from breaking systems
to understanding them deeply enough to move inside them unnoticed.
I’ve written a full deep-dive on this concept here 👇
Curious to hear your thoughts —
Is detection today ready for this level of subtlety?
#CyberSecurity #RedTeam #OffensiveSecurity #ThreatIntel #CloudSecurity #IdentitySecurity #EthicalHacking #BlackCipher
-
The next breach won’t start with malware. It’ll start with an AI agent
https://youtu.be/ATmE3VceSOA #Cybersecurity #ArtificialIntelligence #AIAgents #AgenticAI #AISecurity #EnterpriseSecurity #ZeroTrust #IdentitySecurity #AutomationRisk #DigitalTransformation #Infosec #CyberRisk
-
82% of enterprises are running AI agents they don't know about.
That number came out of #RSAC Conference 2026 — and it wasn't the most alarming stat on the table.
Sean Martin sat back down with Itamar Apelblat, Co-Founder and CEO of Token Security, to unpack what he heard walking the show floor and what the CSA data now makes impossible to ignore: 65% of organizations have already had an AI agent-related incident in the last twelve months. 82% found agents in their environment that nobody authorized. Only 21% have any formal process to retire an agent when it's done.
Discovery alone is not governance. Intent-based enforcement is. That's where this conversation lands — and it's worth your time.
A huge thank you to the team at Token Security for joining Sean Martin and Marco Ciappelli on this journey — both on the floor at #RSAC2026 and in the recap. We loved sharing your story and we're looking forward to many more conversations ahead. 🙌
📍 Where are we headed next? Glad you asked: Infosecurity Europe and Black Hat USA — see you there.
🎙️ Recap: https://youtu.be/ZeI5bSbQ070
🎙️ On Location: https://youtu.be/uWjCQC3LnaY
🌐 RSAC Coverage: https://www.itspmagazine.com/rsac
🌐 Next Coverages: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
#TokenSecurity #AIAgents #AgentSecurity #CyberSecurity #CISO #CloudSecurity #AIGovernance #IdentitySecurity #CSAReport #InfoSec #RSAC2026 #InfosecurityEurope #BlackHatUSA #CyberSecurityPodcast
-
A perimeter breach doesn't have to become a ransomware incident. PAM is the architectural decision that makes the difference between a contained event and a crisis. #CyberSecurity #PAM #PrivilegedAccessManagement #Ransomware #IdentitySecurity
-
Security goes beyond AI. Identity and user security are hot topics at this year’s RSAC Conference.
👉 https://youtu.be/t8yJxa0xG7o?si=yq-ZUPXD5uNzdq4R
▶️ On the Tech Field Day Podcast, Tom Hollingsworth, Jack Poller, and Drew Conry-Murray discuss non-AI security trends—from identity-based and non-human users to securing the browser—and how AI may add future context.
#TFDPodcast #IdentitySecurity #Cybersecurity #EnterpriseSecurity
-
🗳️ Deepfakes aren't just a cybersecurity problem — they're a democratic one.
Biometric liveness detection and injection attack prevention aren't just technical challenges — they're civic imperatives.
🔗 https://provadivita.com/biometric-injection-attacks/
#DeepfakeDetection #ElectionSecurity #BiometricLiveness #AIDisinformation #DigitalTrust #IdentitySecurity #CyberSecurity #FightingFakes
-
🏔️ Great days at the Ergon Airlock Partner Event 2026 on the Stoos.
Proud to receive the award 'Biggest Microgateway Deal 2025' for our success story with HIN - Health Info Net.
Full story: https://www.vshn.ch/en/blog/vshn-wins-biggest-microgateway-deal-2025-at-the-ergon-airlock-partner-event/
#Airlock #Ergon #Microgateway #IdentitySecurity #ZeroTrust #WAAP #DevOps #CloudNative
-
MidPoint 4.10.1 "Braille" is here! 🎉 Our seventy-fifth release brings accessibility improvements and bug fixes, making #midPoint more reliable and inclusive than ever. Learn more: https://docs.evolveum.com/midpoint/release/4.10.1/
-
Collaboration tools like Teams, Slack, and Zoom have become prime targets for attackers—and Microsoft’s latest roadmap updates reflect that shift.
These new security features tell us a lot about the evolving threat landscape and where organizations still need to pay attention. If your security strategy hasn’t caught up with how people actually communicate, this Cyberside Chats episode is worth a listen: https://www.chatcyberside.com/e/collaboration-under-siege-microsoft-s-teams-security-overhaul/
#CybersideChats #Cybersecurity #ThreatLandscape #Microsoft365 #CollaborationSecurity #Phishing #IdentitySecurity #SecurityAwareness
-
4 Cybersecurity Predictions and a Wish List for 2026
https://youtu.be/B5nxLVKbhKc #Cybersecurity #AIinSecurity #CyberPredictions #FutureOfSecurity #ZeroTrust #AIThreats #CyberDefense #SecurityAutomation #DigitalTrust #IdentitySecurity #CISO #InfoSec #CyberRisk #TechLeadership
-
SASE and Zero Trust set the stage for safer cloud work. What path will you take? #SASE #ZeroTrust #CIO #NetworkSecurity #CyberSecurity #CloudSecurity #EnterpriseIT #DigitalTrust #IdentitySecurity
https://www.linkedin.com/pulse/sase-zero-trust-networks-new-nerve-system-modern-cios-mohindroo--b7x0c
-
🥴 Ah, the "Mysterious Realm of #JavaScriptCore," where we learned absolutely nothing about JavaScriptCore but got a full-blown ad for #CyberArk 🤖. Who knew identity security could be so... irrelevant? 🕵️♂️🚪
https://www.cyberark.com/resources/threat-research-blog/the-mysterious-realm-of-javascriptcore #MysteriousRealm #IdentitySecurity #TechHumor #AdWatch #HackerNews #ngated
-
RE: https://infosec.exchange/@franklesniak/115572191076370399
#ActiveDirectory #EntraID #IdentityManagement #AccessManagement #IdentitySecurity #ZeroTrust #GroupPolicy #ConditionalAccess #PrivilegedIdentity #PrivilegedIdentityManagement #PrivilegedAccessManagement #MicrosoftSecurity #PingCastle #PurpleKnight #Maester #DigitalIdentity
-
Grafana patched a CVSS 10.0 SCIM flaw (CVE-2025-41115) after discovering that numeric externalId values could override internal user IDs - enabling impersonation or privilege escalation when SCIM + user sync were active.
Fixes are available in the latest enterprise versions. Immediate updates recommended.
💬 Share your thoughts and follow TechNadu for more technical updates.
#Infosec #Grafana #IAM #SCIM #CVE #SecurityUpdate #VulnerabilityManagement #ThreatIntel #IdentitySecurity #PatchNow #CyberAwareness
-
Access Control List illustrates a classic approach to authorization. Widely used, easy to grasp, yet hindered by the lack of a unified standard. 💡
#accesscontrol #opensourceIGA #IGA #opensource #identitysecurity
-
We will be at Operation Defend the North: Vancouver tomorrow, October 23rd!
Stop by our booth to say hello, grab some swag, build your own custom minifig, and meet our Vancouver-based team behind the SecOps Cloud Platform.
Don't miss Module 1 on Detection and Analysis at 9:15am, and join our hands-on workshop on Purple Teaming Okta Detections and Identity Security Posture Management from 2-4pm in Room No. 480.
In this practical workshop, you'll learn to onboard Okta logs to the LimaCharlie SecOps Cloud Platform, write detections for critical identity security events, and test your detections using open-source adversary emulation tools.
Each attendee gets their own individual lab environment built with free and open-source tools.
Basic understanding of YAML and detections is helpful but not required.
See you in Vancouver!
-
1Password and Browserbase partner to secure credential access for AI agents
https://web.brid.gy/r/https://nerds.xyz/2025/10/1password-browserbase-secure-agentic-autofill/
-
Imagine your network acting like a digital fortress on autopilot—automatically sealing breaches before they even happen. Curious how automated microsegmentation is revolutionizing Zero Trust? Read on to discover more.
#microsegmentation
#zerotrust
#networksecurity
#cybersecurityautomation
#lateralmovement
#identitysecurity
#cloudsecurity
#securityautomation
#infosec
-
Zero Trust: The Cybersecurity Revolution We Can’t Ignore
https://youtu.be/Ql5Hoxw-Fm8 #ZeroTrust #CyberSecurity #IdentitySecurity #NetworkSecurity #CloudSecurity #DataProtection #WorkloadSecurity #DeviceSecurity #CISO #RiskManagement
-
Mapping Mayhem: Security’s Blind Spots in Identity Security – Source: securityboulevard.com https://ciso2ciso.com/mapping-mayhem-securitys-blind-spots-in-identity-security-source-securityboulevard-com/ #IdentityandAccessManagement #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityBoulevard #identitysecurity #SocialFacebook #SocialLinkedIn #SpecterOps #Spotlight #FEATURED #Security #SocialX #Okta
-
New NIST Zero Trust Guidance Alert!
Looking to implement zero-trust architecture (ZTA) but unsure where to start? NIST just released SP 1800-35, offering 19 real-world examples of zero-trust implementations using commercial, off-the-shelf tech.
Built with 24 industry collaborators over four years, this detailed playbook bridges the gap between theory and practice.
Key takeaways for your organization:
• Map your ZTA to the NIST Cybersecurity Framework
• Start with what you have — identify existing tech
• Roll out incrementally: identity, MFA, access controls
• Validate and monitor continuously
• Treat ZTA as a journey, not a one-and-done project
Read the article for advice on your zero-trust journey: https://www.darkreading.com/endpoint-security/nist-outlines-real-world-zero-trust-examples
#ZeroTrust #Cybersecurity #NIST #ZTA #Infosec #ZTArchitecture #SP1800_35 #ContinuousSecurity #IdentitySecurity #LeastPrivilege #Cybersecurity #Infosec #IT #Riskmanagement
-
Here we go, with another pre-RSAC 2025 Conference Coverage Brand Story!
#QuantumSecurity, Real Problems, and the Unifying Layer Behind It All
A Brand Story with Marc Manzano, General Manager, Cybersecurity Group at SandboxAQ
As we get ready for RSAC 2025, we’re kicking things off with some Brand Story conversation that sets the tone for what’s coming.
In this pre-event episode, SandboxAQ shares how their flagship platform, Active Guard, is reshaping #cybersecurity at the intersection of #AI and #quantum. From cryptographic asset management to non-human identity oversight and automated compliance, it’s all about solving real challenges and building a more secure, interoperable future.
ITSPmagazine's Co-founders Marco Ciappelli and Sean Martin, CISSP sat down with Marc Manzano for a first look at the #technology and thinking behind it — and what you can expect from their presence at RSA Conference 2025.
We’ll reconnect and record with SandboxAQ on location at #RSAC2025 for a deeper dive into this critical conversation.
A special thank you to SandboxAQ for sponsoring our RSAC 2025 coverage and supporting this exploration into the future of cybersecurity.
Watch, listen, and learn more below:
Video Teaser: https://youtu.be/eCT8qNhp4nc
Full Video Episode: https://youtu.be/aD34MD5IRnc
Explore our full RSAC 2025 Coverage: https://www.itspmagazine.com/events/rsac
#sandboxaq #rsac2025 #brandstory #cybersecurity #quantumsecurity #aiops #cryptographicmanagement #securityautomation #digitaltransformation #activeguard #rsa #infosec #devsecops #identitysecurity #securityoperations #interoperability #itspmagazine #rsaconference #cybersecurityinnovation #infosecurity
-
I'm not wild about the "Year of" trope, but I think we can go ahead and call this the Year of Agentic AI. I've rarely seen one topic so thoroughly absorb the entire industry's attention.
#Cybersecurity often follows the initial hype around the latest shiny object. Still, some IT pros and vendors are considering what #agenticAI means for security, particularly in identity and access management.
In this feature that was months in the making, experts from academic, vendor, and enterprise backgrounds weighed in.
#AIagents #IAM #identityandaccessmanagement #SecOps #ITOps #identitysecurity #PAM #abac #accesscontrols #AI #GenAI #LLMs
-
Microsoft rolled out so-called Microsoft-managed conditional access policies in November 2023. The policies will be automatically enabled very soon. Do you know what the impact of the policies is on your tenant?
These managed policies are intended to cover the most important identity security scenarios within Microsoft Entra ID. But they can obviously negatively impact existing users and administrators if the company is not ready for the rollout.
Check out my blog post from today to see the impact of the policies. 👇👇
https://www.cswrld.com/2024/04/microsoft-managed-conditional-access-policies/
#conditionalaccess #entraid #microsoft #identitysecurity #tips
-
If you've been living under the impression that 100% of all configuration changes in Entra ID are audited or audited to a degree of value... you'd be wrong.
From a recent bit of analysis of what's in, or what's not in, Entra ID audit logs, I've written up some findings and thoughts.
#entra #EntraID #aad #azuread #azureactivedirectory #m365 #mvpbuzz #microsoft #infosec #identitysecurity #azure
https://ericonidentity.com/2023/08/29/dude-wheres-my-audit-logs/