Collaborate Disseminate
Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without compromising a company’s primary identity pr… Continue reading Cross-IdP impersonation bypasses SSO protections
It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold of privileg… Continue reading The changing face of identity security
In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a vote among Certification Authority… Continue reading Apple’s 45-day certificate proposal: A call to action
Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA. 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 4… Continue reading Identity-related data breaches cost more than average incidents
In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passke… Continue reading Simplifying decentralized identity systems for everyday use
A Swiss Unicorn scanning software company is asking for a screen recording of my digital driving licence via UpWorks a freelance marketplace.
They’re using Aphaia as outsourced DPO.
What are the risks of sharing mobile digital driving lice… Continue reading Risks from sharing screen recording of mobile Australia licence
While most organizations are still in the early horizons of their identity security journey, those who achieve maturity are seeing disproportionately higher returns for every dollar spent, according to SailPoint. Identity security adoption still in ea… Continue reading Unlocking the value of AI-powered identity security
As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive informat… Continue reading The role of self-sovereign identity in enterprises
In this Help Net Security interview, John Yeoh, Global VP of Research at CSA, discusses the growing security challenges posed by non-human identities (NHIs). With NHIs now outnumbering human identities by 20 to 1, organizations are struggling to secure… Continue reading Securing non-human identities: Why fragmented strategies fail
Compromised identities have been a central component of countless costly breaches this year, according to Red Canary. Rise in identity and cloud-native attacks While most of the threats and techniques identified in the 2024 report remain consistent wit… Continue reading Organizations are making email more secure, and it’s paying off