Tag: identity management
61 articles

Microsoft Entra ID Shifts to Passkey Authentication Default
Microsoft is shaking things up with its Entra ID service by making passkey authentication the default method starting September 2026, and users currently relying on SMS or voice authentication will be automatically transitioned to passkeys. By February 1, 2027, SMS and voice authentication will be phased out, marking a significant shift towards more secure passkey technology.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience
Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Agentic AI's Identity Crisis Leaves Security Teams Vulnerable
Agentic AI's autonomy and poorly tracked access are creating a perfect storm of identity risk, leaving security teams vulnerable to attacks. As digital actors with broad permissions, these AI agents are operating in the dark, with many organizations lacking visibility into their actions.

AI Agents Emerge as Unchecked Identities in Enterprise Security
The equation for enterprise security is no longer simple: with AI agents now connected to critical business services, controlling identities is no longer enough to control risk. These emerging insiders have quietly become privileged - and potentially invisible - attack paths that security and identity programs must urgently address.

Account Takeovers Rise as Complexity Exposes Identity Vulnerabilities
As attackers increasingly target identities rather than infrastructure, account takeovers are on the rise - and with 22% of breaches involving credential abuse, it's clear that traditional username-and-password security just isn't cutting it. The explosion of identities across cloud services, SaaS apps, and remote environments has created a perfect storm of vulnerability.

AI Agents Expose Security Risks in 93% of Organizations
Most organizations are unwittingly rolling out AI agents with access to sensitive tasks, leaving them vulnerable to security breaches. In fact, only 32% of teams feel very confident they could recover from exposed admin credentials, highlighting a disturbing gap in control and preparedness.

Hackers Exploit Instagram AI Chatbot to Hijack User Accounts
Hackers recently tricked Instagram's AI chatbot into handing over account controls, highlighting a critical vulnerability in AI agent authorization - a problem that's proving tougher to crack than authentication. By falsifying user locations and manipulating the chatbot, attackers were able to change account email addresses and passwords.

Identity Exposures Form Highways for Cyber Attacks
A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying with it a multitude of permissions just waiting to be exploited.

Enterprises Unprepared for Agent AI Risks as Identity Gaps Persist
Enterprises are rolling out Agent AI at scale, but a staggering 57% of identity elements remain unseen and unmanaged, leaving them woefully unprepared for the risks that come with it. This "identity dark matter" now outweighs visible, centrally managed elements, threatening to expose businesses to devastating consequences.

AI Agents Expose Organizations to Identity Security Risks
Most organizations are unwittingly rolling out AI agents that can open the door to identity security breaches, with 93% using or planning to use them for sensitive tasks like password resets and VPN access. Despite this, many admit that these agents create new vulnerabilities.

Attackers Exploit AD CS for Stealthy Privilege Escalation
Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Cybersecurity Experts Push for Password Paradigm Shift
On World Password Day, cybersecurity experts are sounding the alarm: it's time to rethink our reliance on passwords, as attackers continue to exploit weak visibility and poor credential management to gain access to sensitive systems. The real vulnerability isn't a single weak password, but how credentials spread across organizations, often with employees reusing and sharing access without centralized tracking.

Identity Management Wrestles with AI-Driven Risks
The rapid evolution of Artificial Intelligence is a double-edged sword for IT leaders, bringing unprecedented opportunities for efficiency, but also sophisticated threats and complex identity management challenges. As organizations adopt autonomous digital workers, they must navigate the tension between harnessing AI's power and mitigating its risks to trust and identity.

Microsoft Bolsters Entra with Passkey Support on Windows
Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Weak Passwords Expose Firms to Data Loss Risk
One careless decision - using the same easily-guessable password across multiple environments - left a client vulnerable to disaster, despite a hefty investment in security tools. A simple password like "admin123" pinned in a shared Slack channel created a single point of failure that put the entire system at risk.

Enterprises Face Identity Crisis as Machine Access Surges
As AI agents increasingly reshape enterprise operations and defenses, a new reality sets in: machine identities are surging, outnumbering human users and introducing unprecedented risks that are autonomous, fast-moving, and difficult to control. This seismic shift demands attention, as organizations scale AI and transform their attack surfaces and decision flows.

AI Agents Fuel 76% Surge in Non-Human Identities
The machines are catching up - a staggering 76% surge in non-human identities, driven by AI agents acting on our behalf, is raising critical questions about governance and control. As these machine-driven identities multiply, gaps in oversight are emerging, threatening to upend traditional operational and policy domains.

Identity Fragmentation Exposes Growing Enterprise Security Risks
As organizations scale, identities are scattering across apps, teams, and systems, creating a blind spot in centralized view and giving rise to what The Hacker News calls Identity Dark Matter. This fragmented state of modern enterprise identity is pushing IAM to the breaking point, exposing growing security risks that demand attention.

Linx Security Bolsters Identity Governance with $50M Funding
Linx Security just secured $50 million to revolutionize identity governance with an AI-native approach, closing gaps that leave organizations vulnerable to attack. With this funding, they'll scale their cutting-edge platform to automate identity management and safeguard enterprises.

NIST Unveils Critical Identity Verification Standard for Federal Workers
The National Institute of Standards and Technology (NIST) has just unveiled a groundbreaking identity verification standard to safeguard the identities of federal workers and contractors, addressing the growing threat of identity theft and cybersecurity breaches. This critical new standard is a major step forward in protecting sensitive information and preventing unauthorized access.

AI security Must-Have: Best Defense Tactics
PwC finds organizations are now prioritizing AI security over cloud and network defenses, reallocating budgets to protect models, training data and inference pipelines from novel attacks. That shift means stronger governance, adversarial testing and monitoring are needed to make AI a strategic asset rather than a new liability.

Salesforce platforms: Must-Have Critical Security Guide
The FBI just flagged active campaigns targeting Salesforce platforms—if you rely on Salesforce for customer data, now’s the time to harden access, rotate tokens, and audit integrations. Take a few simple steps today to prevent data theft, detect suspicious exports, and reduce your risk before attackers strike.

data breaches in schools: Urgent Exclusive Warning
A new ICO warning shows student hacks are increasingly exposing sensitive school data and could be training tomorrow’s cybercriminals. Schools urgently need practical security upgrades, ethics lessons and better funding to protect pupils and restore parental trust.

Active Directory: Risky Stunning Defaults Endanger Hospitals
When attackers used Kerberoasting to cripple Ascension, Senator Wyden warned Microsoft’s defaults may be putting patients at risk — sparking an FTC probe and a wider debate over vendor responsibility versus hospital readiness. It’s a wake-up call: better identity hygiene and safer out‑of‑the‑box settings could be the difference between uninterrupted care and real harm.