News – October 21, 2025

News of the day:

  • New identity security capabilities from Silverfort. Silverfort added Access Intelligence and Identity Graph & Inventory capabilities to its identity security platform. The two capabilities close a longstanding market gap, delivering unmatched observability into the entire identity fabric. This includes identity storylines, effective privileges, and actual user access to resources across hybrid environments. The two key innovations being introduced today are transforming how teams understand, investigate, and mitigate identity and access risks. Access Intelligence offers end-to-end access visibility, least privilege intelligence, and identification of excess licenses. Identity Graph & Inventory visually shows relationships between users, identities and resources for risk analysis. Silverfort
  • Industry reports from Hack the Box. Hack the Box published three sector-specific reports on healthcare, financial services, and MSSPs. Key assertion: compliance measures don’t show true cybersecurity readiness, and more is needed. The reports analyze performance data from over 4,500 cybersecurity professionals across 795 security teams worldwide, encompassing 40 practical challenges. The data shows persistent skills gaps that undermine organizations and specialized providers, leaving critical systems vulnerable, even in sectors subject to high regulatory scrutiny. For example, the MSSP report highlights that while service providers scale monitoring and incident response effectively, they struggle with prevention and adversary emulation, capabilities critical for protecting client environments against advanced threat actors. Hack the Box
  • F5 compromised since late 2023. F5 has been breached by state-backed hackers since late 2023. Cybersecurity experts say the primary concern with the breach is that the hackers may have used the stolen source code [for F5’s products] to look for or develop ways to silently surveil and manipulate the traffic flowing through those devices or to shut them down entirely. Bloomberg
  • Dashlane and Yubico for secure vault access. Dashlane worked with Yubico so users of its credential manager can use FIDO2 security keys, instead of a password, as the primary method of accessing their credential vaults. Instead of using the security key as an authentication factor, the WebAuthn PRF extension enables the YubiKey to both authenticate the user and unlock the vault. This is achieved by securely generating a strong, cryptographically unique secret intrinsically bound to the passkey, which is then used as a critical input to the key derivation function that generates the final vault encryption/decryption key. This powerful mechanism facilitates a seamless, phishing-resistant, and entirely passwordless flow that dramatically enhances usability, security and user privacy. Users can register multiple YubiKeys for recovery and resilience. Yubico
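
The derivation chain described in the Dashlane and Yubico item, from passkey-bound PRF secret to vault key, as an added example that is not Dashlane's or Yubico's code. The simulated authenticator, the choice of HKDF-SHA-256 as the key derivation function, the info label and all sample values are assumptions.

```python
import hashlib
import hmac

def prf_salt(app_input: bytes) -> bytes:
    # WebAuthn hashes the caller's PRF input under a fixed prefix before
    # passing it to the authenticator as the hmac-secret salt.
    return hashlib.sha256(b"WebAuthn PRF\x00" + app_input).digest()

def authenticator_prf(cred_secret: bytes, app_input: bytes) -> bytes:
    # Simulated security key (assumption: modelled on CTAP2 hmac-secret).
    # cred_secret stands in for the per-credential secret that stays on the key.
    return hmac.new(cred_secret, prf_salt(app_input), hashlib.sha256).digest()

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    # HKDF extract-then-expand per RFC 5869, using SHA-256.
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_vault_key(prf_output: bytes, account_salt: bytes) -> bytes:
    # The info label is hypothetical; it domain-separates this key from any
    # other key derived from the same PRF output.
    return hkdf_sha256(prf_output, account_salt, b"example-vault-key-v1")

def demo():
    key_a = bytes(range(32))        # constructed secret for security key A
    key_b = bytes(range(32, 64))    # constructed secret for security key B
    app_input = b"vault-unlock"     # constructed PRF input chosen by the app
    account_salt = b"constructed-account-salt"
    first = derive_vault_key(authenticator_prf(key_a, app_input), account_salt)
    again = derive_vault_key(authenticator_prf(key_a, app_input), account_salt)
    other = derive_vault_key(authenticator_prf(key_b, app_input), account_salt)
    return first, again, other

if __name__ == "__main__":
    first, again, other = demo()
    print("same key, same input  :", first == again)
    print("different security key:", first == other)
```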
