Emile Antone

Obsidian Security

Security teams are responsible for protecting sensitive business data as it spreads across a complex network of SaaS applications. Managing vast amounts of data stored in these applications has become increasingly difficult. While organizations commonly use central platforms such as Salesforce, Workday, Google Workspace, and Microsoft 365, numerous custom-built applications ... Read More

On October 18, 2023, ServiceNow acknowledged a potential security issue stemming from misconfigurations of Simple List, a widget used simply to retrieve and display data within the Service Portal. This particular vulnerability had been discovered and documented a few days prior by security engineer Aaron Costello through an in-depth blog ... Read More

The Okta breach disclosed earlier this month served as another reminder of the devastating impact of a session token compromise. This technique is nothing new—it’s something we’ve been discussing for years in our content and with a dedicated blog series.  Nevertheless, we continue to see session token compromise leveraged in ... Read More

In recent investigations, the Obsidian Threat Research team has observed multiple instances of cross-tenant impersonation used to establish persistence and escalate user privileges within Okta environments. This technique poses a significant risk to organizations that rely on Okta for identity management, as it allows attackers to access and impersonate any ... Read More

The migration to SaaS has resulted in the distribution of valuable data across a number of highly decentralized cloud applications. While the security impact of this shift can be felt across all sectors, it weighs particularly heavily on healthcare—an industry which has long been a primary target for cyberattacks. Whether ... Read More

The Obsidian Threat Research team has determined an uptick in SaaS compromises where the initial access vector is social engineering of a helpdesk agent. Fortunately, threat actors tend to follow a predictable pattern when leveraging this attack technique.  In this blog post, we’ll unpack the distinct phases of these attacks, ... Read More

SINET, a leading body in cybersecurity innovation, has named Obsidian Security a winner of its annual SINET16 Innovators Award.  This recognition celebrates companies at the forefront of cybersecurity innovation, leveraging technology-driven solutions to tackle cyber threats and vulnerabilities. Obsidian Security is among 16 winners chosen from a pool of 195 ... Read More

Introduction In the past decade, the seismic shift in business processes brought on by the explosion of SaaS platforms has been palpable. Accelerated by the pandemic and the consequential mandatory work-from-home protocols, businesses and their security teams are constantly grappling with an ever-evolving digital landscape. As an astrophysicist with a ... Read More

Introduction In the past decade, the seismic shift in business processes brought on by the explosion of SaaS platforms has been palpable. Accelerated by the pandemic and the consequential mandatory work-from-home protocols, businesses and their security teams are constantly grappling with an ever-evolving digital landscape. As an astrophysicist with a ... Read More

With the SaaS market on pace to grow by nearly 19 percent annually and become a $900 billion dollar industry by 2030, it’s easy to see why SaaS applications and ecosystems have become such attractive targets for bad actors to exploit. Several recent breaches such as CircleCI and MOVEit have ... Read More