Smallstep

We've created a lightweight Okta® SSO integration for device identity, that offers the strongest possible guarantee that your Okta apps are only available on trusted devices. Now you can lock down your most sensitive resources with next-gen device authentication🔒 But how does it work? 🤔 Our cross-platform desktop application issues every authorized device a cryptographic ID that’s bound to a device’s silicon. Unlike a security token or a key file, it cannot be brought to another device. This feature strongly constrains any attack surface area involving sensitive resources. 👉 Check out the demo from Carl Tashian on the Smallstep blog: https://hubs.ly/Q02Mbl4t0 If you'd like to speak with someone on our team to learn more about how this solution ups your game from the standard Okta Device Identity, reach out to us! https://lnkd.in/gXA6RekK

Find Cass, Michael Malone , Ted Malone or Brandon Batten to meet up at Black Hat today or tomorrow in Vegas! 🎰

We have news 👀 Smallstep has officially adopted the Go SCEP protocol library from our friends at MicroMDM, for innovative certificate issuance & enhancing security with ACME and Device Attestation. This transition means the library will continue to be maintained for all who rely on it 🙌 ⭐ You can find the new repo here: https://hubs.ly/Q02H9yg10 Since taking on the library, we have made some notable updates: ✅ Switched to using smallstep/pkcs7, which is a fork of the archived https://hubs.ly/Q02H9yzz0 package, meaning that the core cryptographic primitives are now being maintained again. ✅ Adhere to Go standard library crypto interfaces where possible, for better interoperability with other code ✅ Introduced more consistent error messages ✅ Removed unnecessary third party dependencies ✅ Improved CI flows, with additional Go linters, and automated dependency updates using Dependabot Check out the official announcement from MicroMDM here: https://hubs.ly/Q02H9HmZ0

Are you headed to Black Hat or DEF CON in Las Vegas? We want to connect with you! 🎰 Smallstep will be at Black Hat USA 2024 from August 6-8 and DEF CON 32 from August 8-11. You can meet the team, get a demo, and learn about our latest product developments and strategic partnerships... but really, we are mostly excited to have some fun and geek out with you over the latest CyberSec tech! 😉 Put your name on the list to receive event updates and where you can find us here: https://lnkd.in/gHyyyhet

We're happy to have partnered with Scarf to unlock this amazing insight! #Fortune100

Exciting news! 🌟 78 of the Fortune 100 companies are actively using Smallstep's open-source software. Now, we're thrilled to offer commercial versions for companies looking to access Smallstep software as a managed service from the experts who created it. 🚀 Don't miss out on this opportunity to take your business to the next level with our top-notch PKI and Device Identity solutions. Learn more at smallstep.com or read the press release here - https://lnkd.in/ghuT6qpF p.s. Coming to RSA 2024 next week? Meet with us - https://lnkd.in/g5MubdJP

Exciting news! 🌟 78 of the Fortune 100 companies are actively using Smallstep's open-source software. Now, we're thrilled to offer commercial versions for companies looking to access Smallstep software as a managed service from the experts who created it. 🚀 Don't miss out on this opportunity to take your business to the next level with our top-notch PKI and Device Identity solutions. Learn more at smallstep.com or read the press release here - https://lnkd.in/ghuT6qpF p.s. Coming to RSA 2024 next week? Meet with us - https://lnkd.in/g5MubdJP

Be sure to tune in!

Cisco notes password-spray attacks on VPN services. Attackers use same password across multiple accounts. Recommendations include improving incident analysis, blocking unauthorized access, and certificate-based authentication. Likely linked to Brutus botnet, possibly exploiting undisclosed breach or zero-day vulnerability. Connect your security strategy with Smallstep Labs. We automate certificate management, enable encryption, integrate with your existing infrastructure and provide effective audit logs and alerts. Trust us to make security accessible and future-proof! #SecureWithSmallstep https://hubs.ly/Q02rp8k90

Urgent! Linux distros impacted by backdoored XZ Utils Library versions! IBM warns about unauthorized remote access due to malicious code (CVE-2024-3094). Affects XZ Utils versions 5.6.0 and 5.6.1. The breach interferes with SSH via systemd software suite, risking remote system intrusion. Discovered by Microsoft's Andres Freund, code introduced to Tukaani Project's GitHub by JiaT75. Compromised repo now disabled. No exploitation reports yet. Packages found in Fedora 41 and Fedora Rawhide but not Red Hat, Amazon Linux, Debian stable, SUSE Linux. Cybersecurity recommendation is to downgrade XZ Utils to uncompromised version. Smallstep's robust, automated security platform minimizes such risks. #StaySecureWithSmallstep https://hubs.ly/Q02rkffs0