Safeguard
Tag

identity-security

Safeguard articles tagged "identity-security" — guides, analysis, and best practices for software supply chain and application security.

33 articles

Best Practices

The four pillars every enterprise security program needs

Identity, patching, segmentation, and logging aren't a checklist — they're the four controls that determine whether a breach stays contained or becomes Log4Shell.

Jul 8, 20266 min read
Application Security

SAML SSO vulnerabilities: signature wrapping and assertion replay explained

A 2024 ruby-saml flaw (CVE-2024-45409, CVSS 9.8) let attackers forge SAML assertions and log in as any user, including admins — seven years after the same bug class was first disclosed.

Jul 8, 20266 min read
Cloud Security

AWS IAM Security Best Practices: A 2026 Field Guide

IAM is where most AWS breaches actually happen. This field guide covers least privilege, role assumption, permission boundaries, and the policy patterns that keep blast radius small.

Jul 3, 20265 min read
Threat Intelligence

Stryker Wiper Attack: When Hacktivists Used Intune to Brick 200,000 Medtech Devices

An Iran-aligned group used a compromised admin account and Microsoft Intune to factory-reset roughly 200,000 of Stryker's devices in real time. The lesson is uncomfortable: your management plane is your biggest single point of failure.

Jun 21, 20267 min read
Infrastructure Security

Applying least privilege IAM in cloud-native environments

Least privilege IAM fails in practice because permissions are granted for convenience and rarely revoked. Here's how to fix that at cloud scale.

Jun 15, 20267 min read
Data Breach

Carnival Data Breach (May 2026): 5.99M Records Lost via Salesforce Social Engineering

Carnival confirmed a breach affecting nearly 6 million people on May 28, 2026, after an attacker socially engineered an employee into granting access to its IT environment. Here is the verified chain and what defenders should do.

May 28, 202611 min read
Identity Security

FBI Warns on Kali365: A PhaaS Kit That Steals M365 OAuth Tokens and Bypasses MFA (May 2026)

The FBI's May 21, 2026 IC3 advisory details Kali365, a Telegram-distributed phishing-as-a-service kit that uses device-code phishing to capture Microsoft 365 access and refresh tokens, granting password-free, MFA-immune persistence.

May 22, 202611 min read
Social Engineering

The 'Code of Conduct' Phishing Wave: AiTM Token Theft Hit 13,000 Orgs (May 2026)

Microsoft detailed a polished phishing campaign that weaponized fake HR 'code of conduct' investigations to steal session tokens via adversary-in-the-middle proxies, bypassing MFA across 13,000+ organizations in 26 countries.

May 13, 202611 min read
Incident Analysis

The Vercel Breach: A Forgotten OAuth Grant Became a SaaS Supply-Chain Pivot (May 2026)

An infostealer infection at AI startup Context.ai let attackers reuse a Vercel employee's months-old Google Workspace OAuth grant to bypass MFA and exfiltrate customer environment variables. Disclosed April 2026, the fallout deepened through May.

May 12, 202612 min read
Incident Analysis

Okta Cross-Tenant Impersonation 2024

Okta's cross-tenant impersonation advisory and related social-engineering campaigns exposed how identity providers get targeted. Lessons for defenders.

Mar 26, 20268 min read
Identity Security

SPIFFE/SPIRE identity

What is SPIFFE/SPIRE? A plain-language breakdown of the SPIFFE identity framework, SPIRE workload identity, SVIDs, and how it compares to plain mTLS.

Mar 2, 20267 min read
Identity Security

SVID (SPIFFE Verifiable Identity Document)

An SVID (SPIFFE Verifiable Identity Document) is a cryptographic identity for software workloads. Learn what an SVID is, its X.509 and JWT formats, and how it works.

Mar 2, 20267 min read
identity-security — Safeguard Blog