GigaTap articles tagged Identity Security.
- Push MFA Is the Weak Link Attackers Keep Pressing - Prompt bombing does not break MFA. It exploits weak MFA design, stolen passwords, and a user asked to approve a login with too little context.
- Edge appliances are now identity risk - Microsoft’s incident write-up shows an exposed F5 BIG-IP edge appliance becoming the entry point for Linux access, SaaS compromise, and identity abuse.
- AD Password Policy: Stronger Without User Friction - Strong AD password policy now means longer passphrases, breached-password blocking, usable recovery, and clear user feedback.
- Akamai Signals in Auth0: Edge Risk Meets Login Control - Auth0’s Akamai Supplemental Signals support lets teams use edge bot and account-risk telemetry inside identity flows for MFA, registration denial, and more
- AWS Managed AD gets API-driven identity controls - AWS now lets teams manage AWS Managed Microsoft AD users and groups through Directory Service Data APIs. The useful shift is not just automation, but faste
- Identity Checks Need Device Trust Too - Stolen sessions and compromised endpoints can make valid logins look safe. Device verification helps close that gap, but it is not a silver bullet.
- Storm-2949 shows how identity becomes the cloud perimeter - Microsoft says Storm-2949 used stolen credentials to turn identity compromise into a cloud-wide breach without malware. The lesson is narrow but important:
- BlackFile shows how vishing turns SSO into an extortion path - GTIG says UNC6671 uses live vishing, AiTM credential capture, and SaaS access to steal corporate data. The weak point is identity workflow, not a vendor CV
- Canvas portals defaced again — the real risk is user trust - ShinyHunters is reported to have breached Instructure again, exploiting a vulnerability to deface Canvas login portals for hundreds of institutions. What’s
- Vercel breach, Mythos bugs, and the security backlog crunch - Risky Business #834 links a Vercel incident, Mythos-found Firefox bugs, and NIST triage limits into one story: identity compromise stays easy, and vulnerability volume keeps rising.