Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

December 4, 2024 at 12:45AM A critical vulnerability (CVE-2024-10905) in SailPoint’s IdentityIQ software allows unauthorized access to application directory content, with a CVSS score of 10.0. Affected versions include 8.2, 8.3, and 8.4, along with their respective patch levels. No security advisory from SailPoint has been released yet.

Non-Human IAM Provider Aembit Raises $25 Million

September 12, 2024 at 09:36AM Aembit, a non-human identity and access management (IAM) provider, has raised $25 million in a Series A funding round, bringing the total raised to $45 million. The startup, founded in 2021, aims to solve the challenge of access between distributed applications and SaaS services. Aembit’s solution provides policy-based access management …

Why Identity Teams Need to Start Reporting to the CISO

August 30, 2024 at 10:09AM CISOs face growing pressure as data breaches dominate headlines. The SEC’s new disclosure requirements put more accountability on them, recognizing identity management as crucial. IAM should report to CISOs and separate from IT to ensure effective governance. Implementing identity protection and micro-segmentation can mitigate breaches. CISOs need more organizational power …

110K domains targeted in ‘sophisticated’ AWS cloud extortion campaign

August 21, 2024 at 01:27PM Cyble Security researchers found 110,000 domains targeted by attackers exploiting misconfigured .env files, exposing cloud access keys and SaaS API keys. Attackers targeted unsecured web applications, accessed IAM keys, and escalated privileges to gain unfettered access. Cloud users are urged to follow best practices and avoid committing .env files to …

Identity Orchestration Is Gaining Traction

July 8, 2024 at 02:32PM Businesses in consumer financial services face challenges in managing identity information across different services, leading to a fragmented customer experience. Identity orchestration aims to integrate disparate identity systems to create a seamless online experience. It is increasingly important in industries such as financial services, retail, and hospitality, offering benefits like …

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

April 28, 2024 at 10:30AM Okta has reported a significant increase in credential stuffing attacks, facilitated by residential proxy services and stolen credentials. Cisco also cautioned of a surge in brute-force attacks targeting various devices. These attacks appear to originate from TOR exit nodes and anonymizing services. Okta recommends enforcing strong passwords, enabling two-factor authentication, …

Dymium Snags $7M to Build Data Security Platform with Secure AI Chat 

March 21, 2024 at 12:00PM Dymium, a California startup, secures $7 million in funding from Two Bear Capital and angel investors. The company offers enterprise data protection products, including a platform that integrates with existing IAM infrastructure and a SecureChat AI portal. Its solutions ensure real-time, transparent data governance and PII protection, with deployment options …

Superusers Need Super Protection: How to Bridge Privileged Access Management and Identity Management

February 28, 2024 at 05:45AM Traditional perimeter-based security is no longer effective, leading to a greater emphasis on communication security and the management of superusers. SSH Communications Security aims to bridge the gap between traditional PAM and IdM solutions. The future of cybersecurity is envisioned as a Zero Trust model, embracing borderless, passwordless, keyless, and …

Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk

January 17, 2024 at 07:36AM Savvy, a SaaS security platform provider, has introduced Identity-First Security to address risks stemming from identity access management permissions, user behavior, and business context. The offering aims to combat SaaS application-related security risks by providing comprehensive visibility and automated security guardrails to guide users in real time. For more details, …

Oracle Enables MFA by Default on Oracle Cloud

November 3, 2023 at 08:41AM Oracle now requires multifactor authentication (MFA) for all instances in its cloud environment, Oracle Cloud Infrastructure. New tenancies have MFA enabled by default for cloud administrators, and preexisting systems have a default policy to enforce MFA. Oracle provides tools for managing configuration and access control policies, including the ability to …