Tag: zero trust
125 articles

Private 5G Networks Expose Government to Hidden Security Risks
Government agencies and military organizations risk exposing themselves to hidden security threats if they don't adopt a zero-trust approach to their private 5G networks, leaving them vulnerable to potentially devastating attacks. Without proper security measures in place, adversaries could gain unrestricted access to sensitive information and wreak havoc.

Agencies Modernize Identity Infrastructure to Counter Emerging Threats
Federal agencies are racing against the clock to modernize their identity infrastructure, securing legacy systems while navigating the rapid evolution of AI and emerging post-quantum threats. As AI continues to advance at breakneck speed, agencies must build adaptable cybersecurity strategies to stay ahead of the threat landscape.

SASE Struggles to Keep Pace with AI-Driven Workflow Shifts
As enterprises shift to AI-driven workflows, their security teams struggle to keep up, risking loss of visibility as data interactions move beyond traditional network boundaries. With modern protocols like TLS 1.3 and HTTP/3 blocking interception, outdated SASE architectures are failing to keep pace.

FIFA Exposes Vulnerability in Application Backends
A shocking vulnerability was discovered in the backends of two FIFA applications, Football Data Platform and Commentator Information System, where authorization checks were surprisingly handled by client-side code, leaving them open to potential exploitation. This flaw highlights a critical error in application design, where security checks were outsourced to the user interface, rather than being rigorously enforced on the server-side.

NSA, CISA Warn Federal Agencies of Identity Security Risks
The NSA and CISA are sounding the alarm: identity security risks are now the frontline in federal cybersecurity, with Active Directory and Entra ID being prime targets for cyber attackers. Recent incidents show that nearly 75% of major federal cyber breaches in the last five years involved compromised identities.

Credentials Face Quantum Threat Decades Ahead
The NSA has set a critical deadline: by January 1, 2027, new national security systems must support quantum-resistant algorithms to stay ahead of emerging threats. With deadlines stretching into the 2030s, organizations must plan now to protect their systems from the looming quantum threat.

CISA Guides Agencies Toward SASE for Zero Trust Adoption
CISA's new guidance is helping federal agencies ditch outdated internet gateways and make the leap to Secure Access Service Edge (SASE) technology, a key step towards adopting zero-trust architectures. By making this shift, agencies can unlock the benefits of zero-trust security and leave legacy perimeter-based models behind.

Identity Visibility Platforms Shrink IAM Attack Surface
Nearly half of all identity activity in enterprises remains invisible to centralized identity and access management, creating a hidden risk that can leave organizations vulnerable to attacks. This "Identity Dark Matter" emerges as identities multiply across apps, teams, and systems, outpacing the ability of security teams to keep control.

US Cyber Official Warns of AI-Driven Identity Security Risks
As AI-driven threats evolve, securing identities is more crucial than ever - in fact, a top US cyber official warns that controlling who and what gets onto a network is now our first line of defense. By prioritizing identity security, we can prevent attackers from exploiting vulnerabilities and gaining a foothold in our systems.

West Pharmaceutical Ransomware Attack Exposes Supply Chain Vulnerabilities
In the wake of a ransomware attack, West Pharmaceutical Services swiftly sprang into action, disclosing the breach and launching a thorough investigation with law enforcement and cyber-forensic experts. But despite their rapid response, the company's data loss has left many questions unanswered – and a glaring spotlight on supply chain vulnerabilities.

Microsoft Fixes Autopatch Bug Deploying Restricted Drivers
Microsoft fixed a Windows Autopatch bug that caused a small number of EU devices to receive restricted driver updates despite administrative policies in place to block them. The issue affected specific Windows 11 versions, including 23H2, 24H2, and 25H2.

Firewalls Evolve to Bolster Zero Trust, Cloud Security
As organisations navigate the complexities of multi-cloud estates, modern cloud firewalls are emerging as a crucial linchpin for reclaiming coherent security controls and mastering cloud networking. They're not old tech, but a vital tool for cloud architects and security pros to enforce robust, zero-trust security across multiple providers.

AI Agents Expose Governance Gaps in Enterprise Identity Security
As AI agents become increasingly integral to enterprise operations, a concerning gap is emerging: the rapid adoption of AI is outpacing the development of essential governance policies to secure identities and access. Discover how this vulnerability impacts corporate applications and what you can do to protect your organization.

CISA's Zero Trust Guidance Falls Short on Cost, Implementation Details
While CISA's new zero trust guidance for operational technology is a step in the right direction, it leaves critical questions unanswered - namely, who foots the bill and how do organizations actually implement it? The guidance gets high marks for technical thinking, but falls short on practical details like funding, timelines, and automation.

US Agencies Issue Zero Trust Guidance for OT Security
US government agencies have just released a game-changing guide to help protect critical infrastructure systems with practical, layered security strategies. The new zero-trust guidance provides a tailored approach for operational technology environments, balancing safety and uptime needs with robust security measures.

Zero Trust Stalls at Data Movement Bottleneck
The moment data crosses a boundary, it's often assumed to be trustworthy - but that's exactly where attackers strike, exploiting this blind spot with alarming success. A recent Cyber360 survey reveals that 53% of security leaders still rely on manual processes to move sensitive data, leaving a gaping Zero Trust gap that's ripe for exploitation.

Google Unveils AI Agent Identity Platform to Tackle New Identity Risks
Google is stepping up its game in AI security with a new platform that gives autonomous software agents their own unique identities, ensuring that every action is verified, recorded, and accountable. This move towards zero-trust verification means organizations can trust their AI agents to act with integrity and transparency.

NCSC Endorses Passkeys as Default Login Method
The UK's National Cyber Security Centre now recommends passkeys as the default login method, marking a significant shift away from passwords. This endorsement comes after a year of collaboration with industry and notable improvements in passkey technology.

Pentagon Bolsters Cyber Budget with $20.5B Allocation
The Pentagon is shoring up its defenses with a $20.5 billion cyber budget allocation, aimed at outsmarting adversaries who are increasingly sophisticated in their digital threats. This major investment is part of a broader strategy to integrate cyber capabilities across all warfighting domains and safeguard military networks.

Byzantine Defenses Unveil Layered Security Secrets
Discover the ancient secret to impenetrable defense: layering multiple barriers to create a fortress that's almost impossible to breach. The Byzantine walls of Constantinople, with their four distinct defensive lines, hold the key to a powerful security strategy that's stood the test of time.

Zero Trust Fortifies Identity Security Against Credential Exploits
Stolen credentials are a hacker's dream come true, leading to easy privilege escalation and full network compromise - but what if you could lock down your identities and shut the door on these threats? An identity-first Zero Trust approach is the powerful solution you need to fortify your security.

Vendor Breaches Spotlight Healthcare's Cyber Vulnerability
Recent vendor breaches have exposed healthcare's alarming cyber vulnerability, raising critical questions about who bears the cost - and the consequences - when a vendor's systems fail. As the threat landscape evolves, one thing is clear: the healthcare industry must rethink its approach to cybersecurity and vendor risk management.

Securing Identities in a Decentralized Workforce
In today's decentralized workforce, the traditional network perimeter has disappeared, leaving us with a pressing question: who's responsible for securing identities when and where work happens? The shift to hybrid work has created a diffuse and distributed perimeter, where users and applications are scattered across various networks, devices, and clouds, making it harder for traditional security models to keep up.

AI Drives Critical Need for Real-Time Microsegmentation
The AI revolution has turned the cybersecurity landscape upside down, compressing attack timelines from months to mere minutes and making traditional security approaches woefully inadequate. To keep pace, organizations urgently need to adopt real-time microsegmentation to protect themselves from threats that can move at machine speed.