Personal Tech Microsoft Authenticator to nuke Entra creds on rooted and jailbroken phones Warning, lockout, then wipe if your device trips detection
AI + ML Cisco decides its homegrown AI model is ready to power its products Apparently you’re about to get better advice on any identity issues lurking in your infrastructure
AI + ML How to answer the door when the AI agents come knocking Identity management vendors like Okta see an opening to calm CISOs worried about agents running amok
Security This free IGA tool boosts your identity security Here are five ways tenfold's free IGA solution helps you streamline identity governance and access control.
Personal Tech Locked out of your Gmail account? Google says phone a friend Recovery feature lets trusted contacts help you get back in when other methods fail
Security One token to pwn them all: Entra ID bug could have granted access to every tenant Until Microsoft lobbed it into a virtual volcano
Cyber-crime Salesforce data missing? It might be due to Salesloft breach, Google says Attackers steal OAuth tokens to access third-party sales platform, then CRM data in 'widespread campaign'
Security McDonald's not lovin' it when hacker exposes nuggets of rotten security Burger slinger gets a McRibbing, reacts by firing staffer who helped
Security The cost of compromise: Why password attacks are still winning in 2025 Poor password management is responsible for thousands of data breaches, but it doesn’t have to be this way.
Public Sector China approves rules for national ‘online number’ ID scheme PLUS: Original emoji retired; Xiaomi's custom silicon; Pakistan dedicates 2,000 MW to AI and crypto
Patches April's Patch Tuesday leaves unlucky Windows Hello users unable to login Can't Redmond ask its whizz-bang Copilot AI to fix it?
Security Why the long name? Okta discloses auth bypass bug affecting 52-character usernames Mondays are for checking months of logs, apparently, if MFA's not enabled
Devops Deadline looms: Google Workspace mandates OAuth by September 30 27 days to get your users' third-party apps on Google’s sign-in
Security Microsoft, Google do a victory lap around passkeys Windows giant extends passwordless tech to everyone else
Devops Twilio reminds users that Authy Desktop apps die in March – not in August 'This is an excellent way to piss off thousands of developers'
Sysadmin Month Microsoft's security roadmap: Protect secrets in Azure DevOps You can’t steal what you can’t access ... we hope
CSO Modern Auth comes to on-prem Exchange Server gear Guess this'll have to do while we wait for *checks notes* ES 2025
SaaS Microsoft switches gears, keeps Exchange Online's CARs around until Sept 2024 At least Redmond listens to some customers
Security French parliament says oui to AI surveillance for 2024 Paris Olympics Liberté, égalité, reconnaissance faciale for all
OSes Microsoft freaks out users with Windows 11 warning: 'LSA protection is off' Alerts telling folks their 'device may be vulnerable' triggered by KB5007651
Security Attackers abuse Microsoft’s 'verified publisher' status to steal data Malicious OAuth apps were the tickets into victims' systems
CSO Microsoft locks door to default guest authentication in Windows Pro Bringing OS version into sync with Enterprise and Education editions
Security Crooks copy source code from Okta’s GitHub repository The hack wraps up a year of bad security incidents for identity
Patches Windows Server domain controllers may stop, restart after recent updates Microsoft outlines a workaround while pulling together a fix to LSASS memory leak
Patches Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers Emergency out-of-band updates to the rescue
CSO Microsoft to kill off old access rules in Exchange Online Awoooogah – this is your one-year warning to switch over, enterprises
PaaS + IaaS Oracle Cloud at one point would let you access any other customer's data chmod a+rw at hyperscale
OSes Microsoft: The deadline to get off Basic Auth is approaching Exchange Online face Halloween deadline
Cyber-crime FBI: Look out, crooks stole $1.3b in cryptocurrency in just three months this year DeFi, as in, defying belief
Cyber-crime LockBit gang hit by DDoS attack after threatening to leak Entrust ransomware data Prolific group pummeled days after claiming to be file thief behind attack on cybersecurity vendor
Security DataDome looks to CAPTCHA the moment with test of humanity that doesn't hurt As the verification technology weathers ongoing criticism from users, one anti-bot security vendor rolls out its own tool
CSO Mergers and acquisitions put zero trust to the ultimate test Bypasses an arduous integration process with right security footing from the start
Networks Zero Trust: What does it actually mean – and why would you want it? 'Narrow and specific access rights after authentication' wasn't catchy enough
CSO Start using Modern Auth now for Exchange Online Before Microsoft shutters basic logins in a few months
Cyber-crime DeadBolt ransomware takes another shot at QNAP storage Keep boxes updated and protected to avoid a NAS-ty shock
Security Vehicle owner data exposed in GM credential-stuffing attack Car maker says miscreants used stolen logins to break into folks' accounts
CSO Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies Critical authentication bypass revealed, older flaws under active attack
Security GitHub to require two-factor authentication for code contributors by late 2023 Code locker has figured out it's a giant honeypot for miscreants planning supply chain attacks
Security Threat group builds custom malware to attack industrial systems US security agencies say the tools can give hackers control of ICS and SCADA devices
Security HCL and HP named in unflattering audit of India’s biometric ID system Same biometric used for different people, no archives, lousy infosec among the issues
Security Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln Patch flaws and enforce authentication policies, CISA and FBI warn
Security Azure flaw allowed users to control others' accounts AutoWarp security hole wasn't exploited – though researchers saw a way into a bank and a telco
Security The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises
Security Silk could tie up all-but-unbreakable encryption, say South Korean boffins At last, a worm that improves security
