Syndicated Blog

Obsidian Security
SaaS Security
How to Enact a SaaS Compliance Strategy for NIS2 and DORA

Critical data has migrated to SaaS, and attackers are taking advantage of this new avenue for exploitation—monthly SaaS breaches are up 300% year over year. Due to the critical role SaaS applications ...
Shadow Linking: The Persistence Vector of SaaS Identity Threat

Executive Summary: The Obsidian Security Research Team has uncovered a persistence attack vector, Shadow Linking, which allows threat actors to gain persistent access via OpenID Connect (OIDC) login to victims’ SaaS accounts ...
Dissecting Real World Help Desk Social Engineering Attacks

Social engineering attacks have evolved significantly, and one of the most concerning trends is the targeting of help desk agents. These attacks exploit human vulnerability, bypassing technical safeguards to gain unauthorized access ...
The Growing Importance of Securing Local Access in SaaS Applications

Introduction: Recently, we posted a blog discussing the complexity of enforcing Single Sign-On (SSO) within Salesforce and the frequent misconfigurations we encounter at Obsidian Security. A striking statistic from our observations: 60% ...
Securing Your Snowflake Environments

SaaS breaches have increased 4x in the last year. We have seen a sequence of breaches that have impacted major SaaS vendors, such as Microsoft and Okta. Snowflake has been in the ...
A Practical Guide for Handling Unauthorized Access to Snowflake

In the last year, we have seen a sequence of breaches that have impacted major SaaS vendors, such as Microsoft and Okta. Snowflake has been in the news recently due to attacks ...
Identity Threat Alert: Prevent Attackers from Bypassing the IdP to Log-in to Salesforce

Attackers can—and do—bypass Identity Providers (IdPs) like Okta, OneLogin, and Microsoft to access Salesforce directly. Salesforce is perhaps any organization’s most mature and integrated app containing highly sensitive data. And attackers know ...
Emerging Identity Threats: The Muddy Waters of Residential Proxies

While the goals of various adversary groups may not change drastically over time, their TTPs will. Effective techniques for initial access, post-authentication activity, and dwell time within a target tenant are an ...