Obsidian Security Expands its Reach to Google Cloud Marketplace, Elevating SaaS Security for Organizations Worldwide

9 April 2024 – Obsidian Security has significantly broadened access to its services by expanding its SaaS Security offering to Google Cloud Platform (GCP) and making it available on the Google Cloud Marketplace. This strategic decision opens new doors for enterprises looking to bolster their security posture, offering them ...
How to Correctly Use Client IP Addresses in Okta Audit Logs to Improve Identity Security 

Being able to identify client IP addresses is essential for detecting and preventing identity-related threats. These IP addresses help establish a baseline of identity activities and highlight deviations often associated with threat actors. By monitoring and analyzing client IPs, organizations can detect unauthorized access attempts, mitigate security risks, and enhance ...
Detecting & Blocking Tycoon’s latest AiTM Phishing Kit

This blog details how Obsidian detects and blocks the latest version of Tycoon, an adversary-in-the-middle (AiTM), Phishing-as-a-Service (PhaaS) platform that leverages a reverse proxy to intercept and replay credentials and MFA prompts. This new version of Tycoon has recently received press from Forbes [1], Dark Reading [2], TechRadar [3], and ...
Risky Business: How HR Tech is Contributing to SaaS Risks

In today’s digital-first world, individuals are bringing B2C behaviors into the B2B sphere. Just as someone might casually share personal login details with platforms like Turbotax for tax filing, many are now sharing corporate credentials with third-party providers for various personal and professional tasks. A recent investigation by Obsidian’s Threat ...
Timeline of Microsoft Breach by Russian Hackers

Behind The Breach: Microsoft Breach by Russian Hackers

On 12 January 2024, Microsoft disclosed a critical breach carried out by the Russian state-sponsored group Midnight Blizzard. The threat actor used a password-spraying attack to gain unauthorized access to Microsoft Corporation’s Office 365 tenant, affecting the accounts of senior leaders and members of Microsoft’s cybersecurity and legal teams. Who is Midnight ...
Behind The Breach: MFA Everywhere, Yes. MFA For Everyone, No.

Many organizations adopt an “MFA everywhere” approach, embracing Multi-Factor Authentication (MFA) to safeguard against account compromise and prevent additional access to compromised accounts. Organizations commonly deploy conditional access policies (CAPs) that mandate multi-factor authentication (MFA) in specific scenarios, such as when users are off-network, while exempting it in other cases, ...
Behind the Breach: Pass-The-Cookie Beyond IdPs

Pass-The-Cookie (PTC), also known as token compromise, is a common attack technique employed by threat actors in SaaS environments. In the past, Obsidian’s Threat Research team noted a pattern where most PTC attacks focused on stealing the identity provider (IdP) primary authentication cookie. However, there has since been a shift ...
Securing Against OAuth Exploitation: A Step-By-Step Guide

Recent findings from Microsoft Threat Intelligence reveal a concerning trend: threat actors exploiting vulnerabilities in Microsoft 365 and Azure environments to execute attacks, with a focus on OAuth application abuse. In this blog post, we explore two incidents included in Microsoft’s findings. We explore the actions involved in each and ...