September 30, 2024 at 01:06PM Summary: Cybersecurity teams are facing threats from “Storm-0501,” a ransomware group targeting vulnerable organizations in hybrid cloud environments. Microsoft reports that the group exploits weak passwords and overprivileged accounts to access cloud environments, using compromised credentials to extract data and spread ransomware. Security experts emphasize the importance of a zero-trust … Read more
August 7, 2024 at 07:26PM At the Black Hat USA conference, it was revealed that an obscure issue in Microsoft’s Entra ID identity and access management service could enable a hacker with admin-level access to gain global administrator privileges. This could lead to unauthorized access, including accessing sensitive data and planting malware in an organization’s … Read more
February 29, 2024 at 11:27AM Cybersecurity researchers have unveiled a new attack technique called Silver SAML, a variant of the Golden SAML attack that exploits SAML for unauthorized access to applications like Salesforce. While real-world attacks are rare, the method poses a moderate-severity threat, impacting organizations using identity providers like Microsoft Entra ID. Responsible disclosure … Read more
October 24, 2023 at 04:23AM SANS has developed a training and certification program focused on cloud security. They are offering a free webinar called ‘Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes’ on November 7th. The webinar will explore how Microsoft’s Entra ID improves identity and access management in hybrid cloud … Read more