Identity and Access Management
Identity and Access Management | News, how-tos, features, reviews, and videos
Inactive accounts pose significant account takeover security risks
Inactive accounts that haven’t been accessed for extended periods are more likely to be compromised due to password reuse and lack of multifactor authentication.
CyberArk’s enterprise browser promises zero-trust support, policy management
The identity security vendor is set to launch an enterprise browser in response to increasing post-MFA attacks on session cookies.
Teleport releases Teleport 13 with automatic vulnerability patching, enhanced DevOps security
Teleport 13 features include Transport Layer Security routing and the ability to import applications/groups from Okta and AWS OpenSearch support for secure database access.
Think security first when switching from traditional Active Directory to Azure AD
With the final release of Windows 10, the use of traditional Active Directory may be waning, and Azure AD on the rise. Here are some security concerns that need to be addressed when making the switch.
Majority of US, UK CISOs unable to protect company 'secrets': Report
The GitGuardian study found 75% of respondents have experienced a data leak involving company secrets, including API keys, usernames, passwords, and encryption keys, in the past.
Review your on-prem ADCS infrastructure before attackers do it for you
Attacks through Active Directory Certificate Services are fairly easy for bad actors to perform but basic vigilance and built-in Windows protections can help mitigate the risk of a breach.
Google rolls out passkey support across accounts on all major platforms
Passkeys for Google Accounts are available now while Google Workspace administrators will soon be able to enable passkeys for their end-users.
Veza releases access security, governance solution for SaaS applications
Solution secures sensitive data in SaaS apps and integrates with 15 popular services including Salesforce, JIRA, GitHub, and Slack.
Embracing zero-trust: a look at the NSA’s recommended IAM best practices for administrators
The US National Security Agency and CISA have published a set of guidelines to help secure systems from access- and identity-based threats. Here’s what to look for in this wide-ranging document.
Circle Security debuts platform “purpose-built” to tackle credential-driven threats, cloud attacks
The new cybersecurity company's solution is available as a device-native service, a mobile app, browser-based, and via a developer-focused API.
Siemens focuses on zero trust, legacy hardware, supply chain challenges to ensure cybersecurity of internal systems
Siemens US chief cybersecurity officer Helen Negre discusses how the organization is focusing on zero trust to ensure the security of internal systems across its different lines of business.
Xage’s new IAM offering provides multilayer authentication for ICS/OT
The multilayer IAM maps services from a user’s multiple identity and active directory providers onto different network layers of ICS/OT systems.
Daon’s TrustX to offer SaaS-based, no-code identity journeys
TrustX’s AI/ML-powered platform builds, authenticates, and manages identity journeys through no-code, drag-and-drop orchestration.
19 startups to check out at RSA Conference 2023
Young vendors of identity and access management, application security, and third-party risk solutions dominate the list of startups exhibiting at RSA.
CISA updates zero trust maturity model to provide an easier launch
The Cybersecurity and Infrastructure Security Agency updated its Zero Trust Maturity Model to include a new stage that could make it easier for organizations to transition to a zero-trust architecture.
Inside-Out Defense launches privilege access abuse detection, remediation platform
SaaS platform complements other identity and access management, privilege access management, and custom identity solutions as cybercriminals prioritize stolen access credentials.
Default static key in ThingsBoard IoT platform can give attackers admin access
Admins unable to update to the patched ThingsBoard version can manually change the default signing key.
Hackers steal crypto assets by defeating 2FA with rogue browser extension
The Rilide malware tricks victims into revealing their second-factor authentication to withdraw cryptocurrency in the background.