The Growing Importance of Securing Local Access in SaaS Applications

Recently, we posted a blog discussing the complexity of enforcing Single Sign-On (SSO) within Salesforce and the frequent misconfigurations we encounter at Obsidian Security. A striking statistic from our observations: 60% of Obsidian’s customers initially have local access without Multi-Factor Authentication (MFA) configured for Salesforce. This is a significant ...
Securing Your Snowflake Environments

SaaS breaches have increased 4x in the last year. We have seen a sequence of breaches that have impacted major SaaS vendors, such as Microsoft and Okta. Snowflake has been in the news recently due to attacks targeted at customer-owned systems. The common thread of these breaches is identity. The ...
A Practical Guide for Handling Unauthorized Access to Snowflake

In the last year, we have seen a sequence of breaches that have impacted major SaaS vendors, such as Microsoft and Okta. Snowflake has been in the news recently due to attacks targeted at customer-owned systems. As these risks rise, it is crucial for organizations to act swiftly and effectively ...
Identity Threat Alert: Prevent Attackers from Bypassing the IdP to Log-in to Salesforce

Security Guidance
Attackers can—and do—bypass Identity Providers (IdPs) like Okta, OneLogin, and Microsoft to access Salesforce directly. Salesforce is perhaps any organization’s most mature and integrated app containing highly sensitive data. And attackers know it—Salesforce was one of the six most targeted SaaS apps in 2023. Protecting your core business operations and ...
Emerging Identity Threats: The Muddy Waters of Residential Proxies

While the goals of various adversary groups may not change drastically over time, their TTPs will. Effective techniques for initial access, post-authentication activity, and dwell time within a target tenant are an attacker’s bread and butter. The cliche of “emerging threats” is actually a blurred line between simple IOCs and ...
MITRE ATT&CK v15: A Deeper Dive into SaaS Identity Compromise

FEATURED, SBN News
The MITRE ATT&CK framework is a continually evolving resource, tracking the tactics, techniques, and procedures (TTPs) employed by adversaries across all phases of an attack. The recent v15 release brings valuable updates and Obsidian Security is honored to have contributed to a number of techniques contained in this release. This ...
Rethinking Identity Threat Detection: Don’t Rely on IP Geolocation

SOC teams frequently look to the IP geolocation to determine whether an alert or activity poses a genuine threat. However, with the changing threat landscape, relying solely on this information is no longer sufficient. In this blog post, we explain why, drawing insights from our investigations, and offer guidance for ...