Security Guidance

Shadow Linking: The Persistence Vector of SaaS Identity Threat
Executive Summary: The Obsidian Security Research Team has uncovered a persistence attack vector, Shadow Linking, which allows threat actors to gain persistent access via OpenID Connect (OIDC) login to victims’ SaaS accounts ...

The Growing Importance of Securing Local Access in SaaS Applications
Introduction: Recently, we posted a blog discussing the complexity of enforcing Single Sign-On (SSO) within Salesforce and the frequent misconfigurations we encounter at Obsidian Security. A striking statistic from our observations: 60% ...

Securing Your Snowflake Environments
SaaS breaches have increased 4x in the last year. We have seen a sequence of breaches that have impacted major SaaS vendors, such as Microsoft and Okta. Snowflake has been in the ...

A Practical Guide for Handling Unauthorized Access to Snowflake
In the last year, we have seen a sequence of breaches that have impacted major SaaS vendors, such as Microsoft and Okta. Snowflake has been in the news recently due to attacks ...

Identity Threat Alert: Prevent Attackers from Bypassing the IdP to Log-in to Salesforce
Attackers can—and do—bypass Identity Providers (IdPs) like Okta, OneLogin, and Microsoft to access Salesforce directly. Salesforce is perhaps any organization’s most mature and integrated app containing highly sensitive data. And attackers know ...

Emerging Identity Threats: The Muddy Waters of Residential Proxies
While the goals of various adversary groups may not change drastically over time, their TTPs will. Effective techniques for initial access, post-authentication activity, and dwell time within a target tenant are an ...

Rethinking Identity Threat Detection: Don’t Rely on IP Geolocation
SOC teams frequently look to the IP geolocation to determine whether an alert or activity poses a genuine threat. However, with the changing threat landscape, relying solely on this information is no ...

How to Correctly Use Client IP Addresses in Okta Audit Logs to Improve Identity Security
Being able to identify client IP addresses is essential for detecting and preventing identity-related threats. These IP addresses help establish a baseline of identity activities and highlight deviations often associated with threat ...