Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Digital Identity

EP 50 - Adversarial AI's Advance

In the 50th episode of the Trust Issues podcast, host David Puner interviews Justin Hutchens, an innovation principal at Trace3 and co-host of the Cyber Cognition podcast (along with CyberArk’s resident Technical Evangelist, White Hat Hacker and Transhuman Len Noe). They discuss the emergence and potential misuse of generative AI, especially natural language processing, for social engineering and adversarial hacking.

Simplifying Identity Management: The Power of Identity Federation

Managing identities across multiple applications has become increasingly complex for businesses of all sizes. This complexity intensifies as organizations expand, underscoring the critical need for efficient identity management solutions. BoxyHQ's Identity Federation Proxy rises to this challenge by offering a robust solution that streamlines user identity management across all customer-facing applications, irrespective of their diverse configurations or Identity Provider (IdP) protocols.

The Growing Challenge of Fraud in Neobanking: Strategies for Protection (2024 Guide)

Neobanks, which operate exclusively online without traditional physical branch networks, are facing an increasingly challenging landscape due to a significant rise in fraud cases. In recent years, financial institutions have reported a marked increase in fraudulent activities, with the average cost of fraud for institutions with assets over $5 billion rising by 65% from $2.3 million in 2022 to $3.8 million in 2023.

Understanding APIs and How Attackers Abuse Them to Steal Data

Simply put, APIs (short for application programming interface) are how machines, cloud workloads, automation and other non-human entities communicate with one another. They also represent an access point to highly sensitive company data and services. Almost every organization uses these machine interfaces, and their usage is only growing because they are essential to digital transformation and automation initiatives.

CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud

Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it’s critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, cloud identity stores such as Microsoft Entra ID are also a target of opportunity. The reason is simple: Threat actors increasingly seek to mimic legitimate users in the target system. They can just as easily abuse identities from cloud identity providers as they can in on-premises AD environments.

Identity Management Day: Protecting your digital footprint

Identity Management Day occurs on the second Tuesday of April, April 9 this year. It was established by the Identity Defined Security Alliance in 2021 in collaboration with the National Cybersecurity Alliance. Its primary aim is to heighten awareness about the risks associated with the lax or incorrect handling of digital identities. Effective identity management practices help prevent identity theft, fraud, and data breaches, which can have devastating consequences for both individuals and organizations.

Cookies Beyond Browsers: How Session-Based Attacks Are Evolving

In the past few years, we have witnessed a significant shift in the attack landscape, from stealing clear text credentials to targeting session-based authentication. This trend is driven by the proliferation of multi-factor authentication (MFA), which makes it harder for attackers to compromise accounts with just passwords.

Uncovering identity threats: Lessons learned from a real-life data breach

Every IT admin, regardless of the company size or employee count, shares a common fear: data breaches. The horror of discovering their organization’s data exposed on the dark web, accessible to anyone, is definitely a nightmare. So, IT admins are on the constant lookout for leading solutions that protect access to organization data and manage employee identities effectively. But where does the real challenge lie? In managing the employee identities, or their access to data?