December 12, 2024 at 08:28AM Oasis Security revealed a critical vulnerability, AuthQuake, allowing bypass of Microsoft’s multi-factor authentication (MFA). Reported in June, a temporary fix was issued before a permanent one in October. The exploit required no user interaction and could quickly grant access to sensitive accounts, affecting over 400 million Office 365 users. ### … Read more
December 11, 2024 at 03:50PM Researchers at Oasis Security exploited a Microsoft Azure multifactor authentication vulnerability, dubbed “AuthQuake,” allowing unauthorized access to user accounts, including Microsoft 365 services. The flaw, caused by a lack of rate limits during MFA sign-in attempts, was fixed by Microsoft in October 2023. Recommendations for improved security were provided. ### … Read more
May 1, 2024 at 02:58PM Identity management startup Oasis Security secured $35 million in a Series A extension round, totaling $75 million raised. The round, led by Accel, Cyberstarts, and Sequoia Capital, aims to help organizations manage Non-Human Identities (NHI) securely. Their software offers agentless connection, built-in analytics, severity scoring, and tailored remediation. The funding … Read more