Security Advisories
Rethinking Identity Threat Detection: Don’t Rely on IP Geolocation
SOC teams frequently look to the IP geolocation to determine whether an alert or activity poses a genuine threat. However, with the changing threat landscape, relying solely on this information is no ...
Risky Business: How HR Tech is Contributing to SaaS Risks
In today’s digital-first world, individuals are bringing B2C behaviors into the B2B sphere. Just as someone might casually share personal login details with platforms like TurboTax for tax filing, many are now ...
SaaS Under Siege: Nation-State Actors Target Identities
TL;DR – Like bank robbers and banks, nation-state actors are now targeting SaaS because that’s where the currency is. Plus, now it’s even easier than traditional endpoint compromise. In case you missed ...
Firefox 122 Released with 15 Security Fixes
Mozilla released the new version of its popular browser, Firefox 122, on January 23, 2024. It came 1 month and 5 days after the previous Firefox 121 and brings several new features ...
Patch Tuesday: Intel and AMD Disclose 130+ Vulnerabilities
In the cybersecurity world, the second Tuesday of every month is a significant date marked by the release of security updates known as Patch Tuesday. This monthly event sees major technology players ...
Detecting AiTM Phishing Sites with Fuzzy Hashing
Background: In this blog, we will cover how Obsidian detects phishing kits or Phishing-as-a-Service (PhaaS) websites for our customers by analyzing the fuzzy hashes of visited website content. This concept draws from ...
Are Your ServiceNow ACLs Publicly Exposing Data?
On October 18, 2023, ServiceNow acknowledged a potential security issue stemming from misconfigurations of Simple List, a widget used simply to retrieve and display data within the Service Portal. This particular vulnerability ...
Behind the Breach: Cross-tenant Impersonation in Okta
In recent investigations, the Obsidian Threat Research team has observed multiple instances of cross-tenant impersonation used to establish persistence and escalate user privileges within Okta environments. This technique poses a significant risk ...
Behind The Breach: Self-Service Password Reset (SSPR) Abuse in Azure AD
In several recent investigations of SaaS security incidents, the Obsidian threat research team identified a novel attack vector in the wild: abuse of the Azure AD self-service password reset (SSPR) feature. With ...