#identitysecurity

LMG Security<p>Non-Human Identities: The Hidden Risk in Your Stack</p><p>Non-human identities (NHIs)—like API keys, service accounts, and OAuth tokens—now outnumber human accounts in many enterprises. But are you managing them securely? With 46% of organizations reporting compromises of NHI credentials just this year, it’s clear: these powerful, often-overlooked accounts are the next cybersecurity frontier.</p><p>Read The Hacker News article for more details: <a href="https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/06/the-</span><span class="invisible">hidden-threat-in-your-stack-why-non.html</span></a></p><p><a href="https://infosec.exchange/tags/IdentitySecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentitySecurity</span></a> <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a> <a href="https://infosec.exchange/tags/APIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APIsecurity</span></a> <a href="https://infosec.exchange/tags/NHIs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NHIs</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/MachineIdentities" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>MachineIdentities</span></a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTrust</span></a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RiskManagement</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a></p>
0x40k<p>Alright folks, just stumbled across a report saying identity theft is *still* the biggest reason for data breaches. Crazy, right? 🤯 We're talking phishing, man-in-the-middle attacks, even getting around multi-factor authentication... it's all happening.</p><p>And honestly, reacting after the fact? That's a seriously expensive headache, and often doesn't even fix the problem. Way better to have secure-by-design solutions in place – stopping those attacks before they even *start*.</p><p>You know, I've always thought security needs to be baked in from the very beginning. I get that clients often want things done fast and cheap, but let's be real: security isn't just a nice-to-have. It's a *must-have*. Period.</p><p>So, what are your thoughts? Shouldn't security be a much bigger focus, especially during development? I'm curious to hear what you all think! Hit me up in the comments below.</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/identitysecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identitysecurity</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Nishant Kaushik<p>I guess going from being the new perimeter to being the essential ingredient in pretty much everything is a step up. Right? Trust <span class="h-card" translate="no"><a href="https://infosec.exchange/@mikekiser" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mikekiser</span></a></span> to find a way to tell a (<a href="https://infosec.exchange/tags/identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identity</span></a>) story that will leave you wanting more.</p><p><a href="https://infosec.exchange/tags/IdentitySecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentitySecurity</span></a><br><a href="https://www.cpomagazine.com/cyber-security/what-do-identity-security-and-an-edible-rock-have-in-common-quite-a-bit-it-turns-out/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cpomagazine.com/cyber-security</span><span class="invisible">/what-do-identity-security-and-an-edible-rock-have-in-common-quite-a-bit-it-turns-out/</span></a></p>
Eric Woodruff [MS MVP] :donor:<p>I've finally, as an overcommitted individual, uploaded my slides from my presentation at <span class="h-card" translate="no"><a href="https://infosec.exchange/@BlueTeamCon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BlueTeamCon</span></a></span>, "Building yourself into a stronger identity practitioner" to my GH repo.</p><p>The associated blog article with more details on resources for each slide will be coming out later this week/early next week, so stay tuned!</p><p><a href="https://infosec.exchange/tags/identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identity</span></a> <a href="https://infosec.exchange/tags/identitysecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identitysecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infosecjobs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosecjobs</span></a> <a href="https://infosec.exchange/tags/career" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>career</span></a> <a href="https://infosec.exchange/tags/BlueTeamCon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeamCon</span></a> <a href="https://infosec.exchange/tags/BlueTeamCon2023" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeamCon2023</span></a></p><p><a href="https://github.com/ericonidentity/talks/blob/main/Presentations/BTC%202023%20-%20Building%20Yourself%20Into%20a%20Stronger%20Identity%20Practitioner.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/ericonidentity/talk</span><span 
class="invisible">s/blob/main/Presentations/BTC%202023%20-%20Building%20Yourself%20Into%20a%20Stronger%20Identity%20Practitioner.pdf</span></a></p>
Jake Hildreth (acorn) :blacker_heart_outline:<p>The Locksmith Active Directory (AD) Certificate Services (CS) remediation tool has been updated: <a href="https://github.com/TrimarcJake/Locksmith" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/TrimarcJake/Locksmi</span><span class="invisible">th</span></a></p><p>New features:<br>- Support for Restricted Admin Mode. If RAM is detected, Locksmith will ask to be re-run using the -Credential switch.<br>- If the AD PowerShell module is not installed on Win 10/11, Locksmith will attempt to install it for you.<br> Note: previously only available on server-class OSes.<br>- New functions for checking user type and elevation status.<br>- Auto-generated snippets for ownership issues (a subset of ESC4/ESC5).<br>- Support for non-English Active Directory environments!</p><p>Next planned updates:<br>- Add individual CA Hosts to $SafeUsers using SIDs.<br>- Perform additional environment checks before attempting to run.<br>- Rename modes to something that makes sense.</p><p><a href="https://infosec.exchange/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a> <a href="https://infosec.exchange/tags/IdentitySecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IdentitySecurity</span></a> <a href="https://infosec.exchange/tags/CertificateServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertificateServices</span></a> <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActiveDirectory</span></a> <a href="https://infosec.exchange/tags/ActiveDirectoryCertificateServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ActiveDirectoryCertificateServices</span></a> <a href="https://infosec.exchange/tags/ADCS" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>ADCS</span></a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PKI</span></a> <a href="https://infosec.exchange/tags/Locksmith" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Locksmith</span></a> <a href="https://infosec.exchange/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.exchange/tags/DefensiveSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DefensiveSecurity</span></a> <a href="https://infosec.exchange/tags/DefensiveSecurityTooling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DefensiveSecurityTooling</span></a> <a href="https://infosec.exchange/tags/Pizza" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pizza</span></a></p>
Frank Paul Silye<p>Prepare yourself for a paradigm shift! Passwordless is more or less here.</p><p>For me the big question will be how multi-device authentication actually will work in real life - having devices running Mac, Windows, Linux and iOS.</p><p>“There’s no password attacks when there’s no password present,” Alex Weinert, Microsoft’s director of identity security. </p><p><a href="https://w3c.social/@w3c/109710664595471515" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">w3c.social/@w3c/10971066459547</span><span class="invisible">1515</span></a></p><p><a href="https://mastodon.babb.be/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://mastodon.babb.be/tags/passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordless</span></a> <a href="https://mastodon.babb.be/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.babb.be/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.babb.be/tags/mfa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mfa</span></a> <a href="https://mastodon.babb.be/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a> <a href="https://mastodon.babb.be/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAuthn</span></a> <a href="https://mastodon.babb.be/tags/identitysecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identitysecurity</span></a> <a href="https://mastodon.babb.be/tags/identitymanagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identitymanagement</span></a></p>