Angelo Di Maggio
@dimaggio
Identity Management Architect. Passionate about identity, federation, zero trust security, and passwordless. Dad. Reader. Learner.
Boom. Love it. I’d offer that the details are light given the timelines though.
Folks, there is an update with additional details on the Microsoft will require MFA for all Azure users post. Here's a quick summary. ✅ Scope → Azure Portal → CLI → PowerShell → Terraform to administer Azure resources 👥 Impact on end users The following will be impacted…
Really happy to see Microsoft Entra conditional access policies providing broader support (OIDC & SAML apps) for the every time flag. Fully appreciate the potential friction, MFA fatigue, but feels like this can be a powerful capability if used appropriately. learn.microsoft.com/en-us/entra/id…
One of the easiest ways for me to hack is simply: 1. Look up who works at a org on LinkedIn 2. Call Help Desk (spoof phone number of person I’m impersonating) 3. Tell Help Desk I lost access to work account & help me get back in I hope we learn more & get confirmation of methods
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
Love the simplicity of this feature when compared to adding the Windows accounts browser extension to Chrome browsers. Seamless SSO + Device Compliance Support
Lots of interest in phishing resistant Authenticators to protect critical infrastructure and services. Adaptive, risk-based policy engine coupled with strong forms of authentication is always expensive / excessive until it’s not enough.
Phishing kits are software developed to aid threat actors in harvesting #credentials and quickly capitalizing on them. Most of these kits have been around for years so why the renewed interest? #credentialtheft #phishkit @threatinsight ow.ly/gw3X50HLJsg
👀
Great weekend reading from @markmorow. The AAD TLS deprecation is coming up and generally believe the new queries are awesome but should have been provided earlier. If I had to add another article for weekend reading, look up basic auth deprecation starting in Oct 2022.
Reblog: My holiday cybersec guide to help your parents: blog.erratasec.com/2017/11/your-h…
Solid thread providing visibility of the opportunity for Okta + Auth0
If you missed #Showcase21 live last week…you can catch all the content on demand here ➡️ bit.ly/3DQVYBp Or read this thread from @colegrolmus ⬇️
Great discussion on digital identity, authentication, convenience, self-custody and wallets.
My conversation with @Nneuman, CEO of Casa - past, present, and future of asset custody - banking - private keys as a technology - ownership & digital identity I’ve been trying to wrap my mind around self-custody, and Nick is a great guide Enjoy! joincolossus.com/episodes/73084…
Passwords are a pain, risk and liability. #Passwordless #FIDO hackread.com/hackers-dump-f…
While I’m a fan of Authenticator apps and mobile push, happy to see FIDO security keys make it into Wirecutter nytimes.com/wirecutter/rev…
Some powerful adaptive authentication engine capabilities - GPS and IPv6 support, endpoint scoping, & very welcomed search/sort capability techcommunity.microsoft.com/t5/azure-activ…
Somehow missed this document on building zero trust ready apps but touches on some critical themes - most of which don’t get enough attention - user consent, securing access to APIs, MFA / Passwordless, authentication libraries, CAEP, and protecting secrets. docs.microsoft.com/en-us/security…
SMS was never designed / intended to be secure. Another reason to stop using it.
SMS was already the weakest link securing just about anything online. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept texts intended for other mobile users. Can we stop pretending SMS is okay now? krebsonsecurity.com/2021/03/can-we…