Identity And Access Management

All articles tagged with #identity and access management

Entra ID Agent Role Flaw Allows Service Principal Takeover, Patch Deployed
technology, 1 month ago

A built-in Entra ID role called Agent ID Administrator could let attackers take ownership of arbitrary service principals, enabling privilege escalation and potential tenant compromise. Microsoft issued a patch across cloud environments on April 9 to block ownership changes by the Agent ID Administrator on non-agent principals, mitigating the risk. Security researchers urge ongoing monitoring of sensitive role usage and ownership changes, secure handling of privileged service principals, and auditing of credential creation on service principals to reduce exposure from this loophole.

"New Identity and Access Management Guidance Released by CISA and NSA for Vendors"
technology, 2 years ago

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released new guidance on Identity and Access Management (IAM) challenges faced by vendors and developers. The document highlights the need for clarity in definitions and policies related to multifactor authentication (MFA) and Single Sign-On (SSO), as well as the lack of understanding and integration deficits in leveraging open standard-based SSO with legacy applications. The report also addresses the issue of SSO capabilities being bundled with high-end enterprise features, making them inaccessible to smaller organizations. Additionally, the guidance emphasizes the importance of MFA governance integrity over time and recommends the creation of standard MFA terminology and phishing-resistant authenticators to enhance security.

technology, 2 years ago

"Government Agencies Unveil Cybersecurity Guidelines for Federal Contractors"

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released new guidance on Identity and Access Management (IAM), addressing challenges faced by developers and technology manufacturers. The guidance focuses on technology gaps that hinder the adoption and secure use of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations. While primarily aimed at large organizations, the recommendations are also applicable to smaller organizations. CISA encourages cybersecurity defenders to review the guidance and discuss its implementation with their software vendors.