Account Compromise

Securing Against OAuth Exploitation: A Step-By-Step Guide
Recent findings from Microsoft Threat Intelligence reveal a concerning trend: threat actors exploiting vulnerabilities in Microsoft 365 and Azure environments to execute attacks, with a focus on OAuth application abuse. In this ...

SaaS Ransomware Observed in the Wild for Sharepoint in Microsoft 365
Background Obsidian’s Threat Research team has observed a SaaS ransomware attack against a company’s Sharepoint Online (Microsoft 365) without using a compromised endpoint. Our team and product were leveraged post-compromise to determine ...

Five Types of Business Email Compromise Attacks and How to Prevent Them
In a recent blog, we cited the Federal Bureau of Investigation (FBI) and its Internet Crime Complaint Center (IC3) latest 2022 report, which emphasized a steep and significant rise in Business Email Compromise ...

The Undeniable Effectiveness of Password Spray
One of the most effective techniques NodeZero employs for initial access is password spray. It’s a primitive technique, basically guessing passwords, and when it works it feels like magic. Yet we see ...

Beef up your Cyber Protection with Multi Factor Authentication
“When it comes to security, Two-Factor Authentication proves to be a treasury full of gold.” The severity and frequency of ransomware attacks and other cybercrimes have exploded in the last few years ...
Spotting SaaS Application Vulnerabilities
This blog is reposted from an article originally published on August 19, 2022 by Michael Novinson and ISMG. Listen to the full interview here. Obsidian Security has in recent months invested in ...

Responding to the Twilio SMS Incident with Obsidian
Earlier this month, Twilio shared publicly that they had been targeted with an ongoing social-engineering phishing scam via SMS. This is the latest in a string of recent sophisticated breaches gaining access ...

Modern Threat Detection: Making Impossible Travel Possible
This blog was co-authored by Obsidian Senior Security Researcher Jody Forness and Machine Learning Engineer Marcus McCurdy. The security industry can be rife with vendors who tout the advanced machine learning and ...
Insider Threat Personas: Who is Responsible for Insider Attacks?
Hello week four of National Insider Threat Awareness month! This week we’re talking about insider... The post Insider Threat Personas: Who is Responsible for Insider Attacks? appeared first on Gurucul ...
Do You Think Your Healthcare Data Is Safe?
The HIPAA Journal is reporting that in March of 2021, we saw a 38.8% increase... The post Do You Think Your Healthcare Data Is Safe? appeared first on Gurucul ...