Security Advisories

Shadow Linking: The Persistence Vector of SaaS Identity Threat
Executive Summary The Obsidian Security Research Team has uncovered a persistence attack vector, Shadow Linking, which allows threat actors to gain persistent access via OpenID Connect (OIDC) login to victims’ SaaS accounts ...

Dissecting Real World Help Desk Social Engineering Attacks
Social engineering attacks have evolved significantly, and one of the most concerning trends is the targeting of help desk agents. These attacks exploit human vulnerability, bypassing technical safeguards to gain unauthorized access ...

Emerging Identity Threats: The Muddy Waters of Residential Proxies
While the goals of various adversary groups may not change drastically over time, their TTPs will. Effective techniques for initial access, post-authentication activity, and dwell time within a target tenant are an ...

Emerging Identity Threats: The Muddy Waters of Residential Proxies
While the goals of various adversary groups may not change drastically over time, their TTPs will. Effective techniques for initial access, post-authentication activity, and dwell time within a target tenant are an ...

Rethinking Identity Threat Detection: Don’t Rely on IP Geolocation
SOC teams frequently look to the IP geolocation to determine whether an alert or activity poses a genuine threat. However, with the changing threat landscape, relying solely on this information is no ...

Risky Business: How HR Tech is Contributing to SaaS Risks
In today’s digital-first world, individuals are bringing B2C behaviors into the B2B sphere. Just as someone might casually share personal login details with platforms like Turbotax for tax filing, many are now ...

SaaS Under Siege: Nation-State Actors Target Identities
TL;DR – Like bank robbers and banks, nation-state actors are now targeting SaaS because that’s where the currency is. Plus, now it’s even easier than traditional endpoint compromise. In case you missed ...
Firefox 122 Released with 15 Security Fixes
Mozilla released the new version of its popular browser, Firefox 122, on January 23, 2024. It came 1 month and 5 days after the previous Firefox 121 and brings several new features ...
Patch Tuesday: Intel and AMD Disclose 130+ Vulnerabilities
In the cybersecurity world, the second Tuesday of every month is a significant date marked by the release of security updates known as Patch Tuesday. This monthly event sees major technology players ...

Detecting AiTM Phishing Sites with Fuzzy Hashing
Background In this blog, we will cover how Obsidian detects phishing kits or Phishing-as-a-Service (PhaaS) websites for our customers by analyzing the fuzzy hashes of visited website content. This concept draws from ...