Articles tagged with: #identity
Rough pricing on credit monitoring/identity theft services?

cybersecurity www.reddit.com

I'm helping a client work through a breach. Usually an insurer covers some kind of monitoring as a part of their coverage. I've never priced it out. This client isn't going through insurance and I'd rather not 'hop on for a quick call' five times today for pricing. Anyone have some ballpark quotes and who you went with? Thanks! submitted by /u/lawtechie

How to reduce costs with self-service password resets

BleepingComputer www.bleepingcomputer.com

Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software's uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse.

Running full Zero Trust across hybrid environments

cybersecurity www.reddit.com

We've been working toward a Zero Trust model for a while, but it gets messy once you mix cloud and on-prem. Identity-based access works fine in cloud-native apps, but once you add legacy systems and unmanaged devices, the control gaps show fast. Curious if anyone here has managed to get true end-to-end Zero Trust working across hybrid setups. What did you prioritize first, identity, network segmentation, or workload security? submitted by /u/cheerioskungfu

Identity Detection: Suspicious Protocol Implementation (Pass the Hash)

CrowdStrike www.reddit.com

We've recently set up Identity, and this alert was triggered. I've been trying to understand the detection, and so far it indicates that a weak Kerberos encryption type (RC4_HMAC_NT) was used. Toward the bottom of the alert, it recommends that I check for any legacy software products that may be authenticating using this encryption type. However, I haven't identified any such software so far. Is there a way to pinpoint which software is performing the authentication? Any query ideas would also...

Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code

Cyber Security News cybersecuritynews.com

Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affects versions prior to 3.0.14 and 4.0.2, where administrators can upload malicious Groovy code that runs with the full privileges of the Syncope Core process. Discovered by security

Prompt injections as a tool for preserving identity in GAI image descriptions

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.16128v1 Announce Type: new Abstract: Generative AI risks such as bias and lack of representation impact people who do not interact directly with GAI systems, but whose content does: indirect users. Several approaches to mitigating harms to indirect users have been described, but most require top down or external intervention. An emerging strategy, prompt injections, provides an empowering alternative: indirect users can mitigate harm against them, from within their own content. Our...

ISO/IEC-Compliant Match-on-Card Face Verification with Short Binary Templates

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.16078v1 Announce Type: new Abstract: We present a practical match-on-card design for face verification in which compact 64/128-bit templates are produced off-card by PCA-ITQ and compared on-card via constant-time Hamming distance. We specify ISO/IEC 7816-4 and 14443-4 command APDUs with fixed-length payloads and decision-only status words (no score leakage), together with a minimal per-identity EEPROM map. Using real binary codes from a CelebA working set (55 identities, 412 images),...

A Multi-Cloud Framework for Zero-Trust Workload Authentication

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.16067v1 Announce Type: new Abstract: Static, long-lived credentials for workload authentication create untenable security risks that violate Zero-Trust principles. This paper presents a multi-cloud framework using Workload Identity Federation (WIF) and OpenID Connect (OIDC) for secretless authentication. Our approach uses cryptographically-verified, ephemeral tokens, allowing workloads to authenticate without persistent private keys and mitigating credential theft. We validate this...

Endpoints with Windows 10 with their associated users

CrowdStrike www.reddit.com

Is there a way to get a list of hosts with their assigned users? When I go to an account in Identity protection, I can see users with their endpoints, but I don't see that association in host management. I am trying to get a list of all endpoints that still have Windows 10, and I know I can do that in host management, but I want to also have the user's name in the CSV file. submitted by /u/rettttttt

Nicknames for Group Signatures

cs.CR updates on arXiv.org arxiv.org

arXiv:2508.02543v2 Announce Type: replace Abstract: Nicknames for Group Signatures (NGS) is a new signature scheme that extends Group Signatures (GS) with Signatures with Flexible Public Keys (SFPK). Via GS, each member of a group can sign messages on behalf of the group without revealing his identity, except to a designated auditor. Via SFPK, anyone can create new identities for a particular user, enabling anonymous transfers with only the intended recipient able to trace these new identities....

The Evolution of Zero Trust: From Architecture to Attestation

cybersecurity www.reddit.com

We've been saying "Never trust, always verify" for more than a decade - but most of our industry still hasn't clearly defined what "verify" actually means. The original Zero Trust model (per NIST SP 800-207) focused on network segmentation, identity enforcement, and continuous authentication. That's all necessary - but it's not sufficient. Because even if you know who is connecting and where they're connecting from... you still don't know what state that system is in. And that's the gap...

Identity Security: Your First and Last Line of Defense

The Hacker News thehackernews.com

The danger isn't that AI agents have bad days - it's that they never do. They execute faithfully, even when what they're executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn't some dystopian fantasy - it's Tuesday at the office now. We've entered a new phase where autonomous AI agents act with serious system privileges. They

Do you get the most out of your cyber budget?

cybersecurity www.reddit.com

I've worked in tech sales for a decade (Appsec, firewalls, identity and segmentation). Prior to that, cyber recruitment. I've always worked closely with HoDs and CISOs and the one constant is always a short budget and a long list of projects / priorities. When I look at how companies buy - You have vendors, selling into distribution, distribution onto partners and then onto customers. The end price seems so bloated! Everyone in that chain is incentivised to sell you as much as possible, for...

SLIE: A Secure and Lightweight Cryptosystem for Data Sharing in IoT Healthcare Services

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.14708v1 Announce Type: new Abstract: The Internet of Medical Things (IoMT) has revolutionized healthcare by transforming medical operations into standardized, interoperable services. However, this service-oriented model introduces significant security vulnerabilities in device management and communication, which are especially critical given the sensitivity of medical data. To address these risks, this paper proposes SLIE (Secure and Lightweight Identity Encryption), a novel...

You can now use SSO and SCIM with MCP servers

cybersecurity www.reddit.com

Hi everyone, This isn't a corporate blog, but seemed like the most appropriate flair - mods don't hurt me pls. Myself and my team have recently added SCIM support and integrations with identity providers (IdPs) to allow you to control access to MCP servers using SSO as part of our wider MCP gateway and MCP management platform (MCP Manager). This is part of our continued work with our clients to create functionality, and security, observability, and deployment solutions that make it...

What Zero-Trust platform do you recommend?

cybersecurity www.reddit.com

What Zero-Trust platforms are people here actually using and seeing results from? Every vendor claims to have it figured out but it's hard to tell what's real and what's just buzzwords. I've been reading a few comparisons, including the new Forrester Wave report on Zero-Trust platforms for 2025, but I'm way more interested in what's happening on the ground. Which approach worked best for your org: identity-first, network-first or a hybrid setup? What went smoothly, what turned into a nightmare...