Latest news with #EntraID


Techday NZ
4 days ago
- Business
- Techday NZ
Veeam named Leader in Gartner 2025 backup & data report
Veeam has been named a Leader in the 2025 Gartner Magic Quadrant for Backup & Data Protection Platforms for the ninth time in a row. Gartner has also placed Veeam in the highest position for Ability to Execute for the sixth consecutive year, as outlined in the latest Magic Quadrant, a research report that assesses vendors in the backup and data protection sector. The recognition comes as Veeam has introduced a series of new capabilities, especially within the Veeam Data Cloud portfolio. These developments include expanded protection options for Microsoft SaaS environments, expanded safeguarding for both Microsoft 365 and Entra ID user identities, and new features for predictable, immutable offsite storage to help further guard against ransomware attacks. The company has also launched added support for Salesforce, widening the coverage of secure and recoverable enterprise cloud applications.

Market position

The Gartner Magic Quadrant is a widely referenced industry analysis which categorises technology providers into four quadrants based on their 'Ability to Execute' and 'Completeness of Vision.' Leaders occupy the highest positions across both axes, reflecting vendor capabilities and ongoing advancement in the field. Gartner analysts report that these distinctions are based on comprehensive, fact-based research and support organisations seeking to align strategic decisions about data protection with the particular needs of their business.

Commenting on Veeam's continued placement, Anand Eswaran, Chief Executive Officer at Veeam, said, "Veeam's success is built on serving our customers' needs and supporting them as their technology needs evolve – from delivering the most complete end-to-end cyber resilience capabilities to giving them the freedom to choose where and how to store and use their data."

"That commitment to innovation, which has been at the core of our company since its inception, continues today as the world moves to SaaS and as organisations are incorporating AI into their core business processes. Veeam is the one-stop shop for keeping critical data safe no matter what happens."

Veeam presently counts over 550,000 customers globally, including nearly 72% of the Global 2000 companies, who rely on its services for data protection and recovery needs.

Recent advancements

The company has added protection for the identities managed through Microsoft's Entra ID as part of its Microsoft SaaS offering. This, coupled with enhancements in offsite storage, is intended to improve resilience to increasingly prevalent ransomware threats. There is also new support for Salesforce, which means a greater proportion of customer cloud applications are included within Veeam's protective umbrella, responding to increased demand for data security across diverse cloud-based platforms.

Gartner Magic Quadrant background

The Magic Quadrant is a recurring research tool used by organisations to assess technology vendors. According to Gartner, the reports "are a culmination of rigorous, fact-based research in specific markets, providing a wide-angle view of the relative positions of providers in markets where growth is high and provider differentiation is distinct." Providers are ranked in the quadrants of Leaders, Challengers, Visionaries, and Niche Players. Gartner emphasises that the Magic Quadrant results should not be interpreted as endorsements or recommendations for a specific vendor, but instead as a resource intended to support organisations as they review the changing data protection landscape and make purchasing decisions based on their individual requirements.

Industry landscape

The backup and data protection sector continues to evolve alongside new security challenges, particularly the growth in cyber threats such as ransomware and demands driven by artificial intelligence and SaaS adoption. In its document, Gartner notes that the name and scope of the Magic Quadrant report have been adapted to reflect these shifting industry priorities. It highlights the importance of robust research and considered decision making for technology and security leaders seeking to effectively safeguard business operations and data assets.


Techday NZ
4 days ago
- Business
- Techday NZ
Semperis warns nOAuth flaw in Entra ID risks SaaS accounts
Semperis has published new research highlighting the ongoing risk posed by the nOAuth vulnerability in Microsoft's Entra ID, which may allow attackers to take over SaaS application accounts with minimal effort. According to the research, nOAuth remains undetected by many SaaS vendors and is very difficult for enterprise customers to defend against. The vulnerability, originally disclosed in 2023 by Omer Cohen of Descope, arises due to a flaw in how certain SaaS applications implement OpenID Connect, particularly when unverified email claims can be used as user identifiers in Entra ID app configurations. This practice contrasts with recommended OpenID Connect standards. Semperis' follow-up investigation examined applications listed in Microsoft's Entra Application Gallery, finding that over a year after its initial disclosure, a substantial portion of applications remain vulnerable to nOAuth abuse.

Risk to enterprises

The core issue with nOAuth is that attackers require only their own Entra tenant and the email address of a target user to potentially gain full access to that person's account in a vulnerable SaaS application. Traditional defences, including Multi-Factor Authentication (MFA), conditional access, and Zero Trust policies, do not mitigate this risk. This presents a challenge for both developers and end-users. As Eric Woodruff, Chief Identity Architect at Semperis, explained, "It's easy for well-meaning developers to follow insecure patterns without realising it, and in many cases, they don't even know what to look for. Meanwhile, customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat."

Through comprehensive testing of more than 100 Entra-integrated SaaS applications, Semperis identified that nearly 10% were susceptible to nOAuth exploitation. Once access is obtained via this vulnerability, attackers may exfiltrate data, maintain persistence, and potentially move laterally within the victim organisation's environment.

Detection and mitigation challenges

Detection of nOAuth abuse is exceptionally difficult, as successful attacks leave minimal traces within standard user activity logs. Deep correlation across both Entra ID and individual SaaS platform logs is required to identify potential breaches. Semperis' research indicates that exploitation continues to be possible, despite the initial public disclosure and vendor recommendations. Highlighting the severity of the nOAuth issue, Woodruff added, "nOAuth abuse is a serious threat that many organisations may be exposed to. It's low effort, leaves almost no trace and bypasses end-user protections. We've confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further."

Semperis has communicated its findings to both affected SaaS vendors and Microsoft, beginning in December 2024. Some vendors have taken steps to address the issue, while others reportedly remain vulnerable.

Industry response and recommendations

The Microsoft Security Response Centre (MSRC) advises SaaS application vendors to implement its security recommendations regarding user identification and OpenID Connect integration. Firms failing to comply may risk removal from the Entra Application Gallery. Semperis continues to focus on identity threat detection, with recent announcements regarding new detection features addressing other critical vulnerabilities such as BadSuccessor and Silver SAML. These findings exemplify ongoing risks within enterprise identity services, where configuration weaknesses in authentication protocols can present significant challenges for both software providers and their customers.

The nOAuth vulnerability underlines the importance of not only secure development practices but also continuous monitoring as enterprise reliance on SaaS and identity federation increases. Semperis' report calls for prompt action from SaaS vendors to update their authentication implementations to address this persistent risk.
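The pattern the article describes (a SaaS app keying its accounts on the unverified email claim instead of the issuer-asserted identifiers) can be shown side by side with the fix. This is an added example, not code from Semperis, Descope or Microsoft; it models only the relying party's account lookup after the ID token has been validated, and every tenant id, object id and address in it is constructed.

```python
# Added example (not Semperis', Descope's or Microsoft's code). Models a SaaS
# relying party's account lookup after the JWT has already been validated
# (signature, aud, exp). All tenant ids, object ids and e-mails are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Account:
    name: str
    email: str   # contact / display value only, never an identity key
    tid: str     # Entra tenant id the account was provisioned from
    oid: str     # Entra object id of the user inside that tenant


VICTIM_TID = "11111111-1111-1111-1111-111111111111"    # constructed
ATTACKER_TID = "99999999-9999-9999-9999-999999999999"  # constructed
ACCOUNTS = [Account("alice", "alice@victim.example", VICTIM_TID, "oid-alice")]


def lookup_by_email(claims: dict) -> Optional[Account]:
    """Vulnerable (nOAuth-style) pattern: the e-mail claim selects the account.
    Entra ID does not verify the mail attribute, so a token from a different
    tenant can carry the victim's address and still resolve to the victim."""
    return next((a for a in ACCOUNTS if a.email == claims.get("email")), None)


def lookup_by_tenant_and_object(claims: dict) -> Optional[Account]:
    """Hardened pattern: key the account on issuer-asserted identifiers
    (tid + oid) and require tid to agree with the issuing tenant in iss."""
    iss, tid, oid = claims.get("iss", ""), claims.get("tid"), claims.get("oid")
    if not (tid and oid and iss == f"https://login.microsoftonline.com/{tid}/v2.0"):
        return None
    return next((a for a in ACCOUNTS if (a.tid, a.oid) == (tid, oid)), None)


# Constructed token from the attacker's own tenant whose user carries the
# victim's e-mail address; constructed legitimate token for comparison.
ATTACKER_TOKEN = {
    "iss": f"https://login.microsoftonline.com/{ATTACKER_TID}/v2.0",
    "tid": ATTACKER_TID, "oid": "oid-mallory", "email": "alice@victim.example",
}
VICTIM_TOKEN = {
    "iss": f"https://login.microsoftonline.com/{VICTIM_TID}/v2.0",
    "tid": VICTIM_TID, "oid": "oid-alice", "email": "alice@victim.example",
}

if __name__ == "__main__":
    print("vulnerable:", lookup_by_email(ATTACKER_TOKEN))            # alice's Account
    print("hardened:  ", lookup_by_tenant_and_object(ATTACKER_TOKEN))  # None
    print("legit:     ", lookup_by_tenant_and_object(VICTIM_TOKEN))    # alice's Account
```

The same rule applies to first-time account linking: matching a new sign-in to an existing account by email address reintroduces the flaw even when later lookups use tid and oid.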


Forbes
13-06-2025
- Forbes
Microsoft Users Warned Of Ongoing Password Spraying Attack — Act Now
Microsoft users under attack from password spraying hackers.

As Microsoft users continue to be warned about hackers targeting everything from Windows Secure Boot vulnerabilities to Outlook emails and Windows Server zero-days, the last thing you probably want to hear is yet another warning regarding an ongoing cyberattack against Microsoft accounts. Yet here we are, and you need to take this one very seriously indeed, as thousands of Entra ID accounts are being bombarded with a password spraying attack from a group known as SneakyStrike. With billions of compromised passwords to use as ammunition by automatic hacking machines, the time to sit up and take notice is right now.

Let's get serious here: one of the worst types of cybersecurity warning you can get is concerning what is known within the industry as an ATO. Let me spell that out for you: Active. Account. Takeover. And that, I'm sorry to say, is what we have here. Threat researchers working at Proofpoint have confirmed just such an ATO, targeting Microsoft Entra ID accounts and having success in compromising victim organizations. Attributed to an attack group called SneakyStrike, also known as SneakyChef, which has a history of government-level espionage campaigns, the researchers said that the ongoing Microsoft cyberattack has already 'affected over 80,000 targeted user accounts across hundreds of organizations, resulting in several cases of successful account takeover.' The attackers are using a penetration testing platform to strike, leveraging both Microsoft Teams and Amazon Web Services servers across multiple geographical locations. What they have in common is that all the attacks involve user enumeration and password spraying at scale. This, the research report said, has led to SneakyStrike actors exploiting access to applications, including Microsoft Teams, OneDrive, and Outlook.

This ongoing attack leaves hundreds of organisations vulnerable, Eric Woodruff, chief identity architect at Semperis, warned. 'In response to this threat and cloud services attacks,' Woodruff told me, 'organizations need to adopt a multi-layered, identity-first security approach, and mitigation efforts should centre around reducing their attack surface, increasing visibility, and enforcing strong access controls.' Remember that such password spraying attacks rely upon the accounts being targeted for compromise not having adequate login protection: specifically, on common passwords, or on passwords created using a systematic variation within an organization. Both of these password types should be replaced with strong passwords that are not reused or found within commonly available stolen password databases. Do not act now, and you could be the latest Microsoft victim of SneakyStrike. You have been warned.
Yahoo
12-06-2025
- Business
- Yahoo
Okta's Backlog Tops $4B on Strong Identity Security Demand
Okta's OKTA Remaining Performance Obligations (RPO) or subscription backlog surged to $4.084 billion in the first quarter of fiscal 2026, marking a 21% year-over-year increase. More importantly, current RPO jumped 14% year over year to $2.23 billion, highlighting the company's strong forward 12-month revenue visibility. This significant backlog growth reflects sustained enterprise demand for OKTA's identity security solutions, as organizations prioritize secure access in increasingly complex IT company benefits from strong demand for its new products, including Identity Governance, Privileged Access, Device Access, Fine Grained Authorization, Identity Security Posture Management and Identity Threat Protection with Okta AI. Okta's Identity Security Posture Management and Privileged Access solutions are helping enterprises tackle non-human identities that comprise service accounts, shared accounts, machines and the second quarter of fiscal 2026, OKTA projects current RPO growth in the range of 10% to 11%. While the guidance reflects a slightly cautious outlook amid ongoing macroeconomic headwinds, it still indicates resilient demand and solid revenue visibility. As identity and access management becomes a top priority for enterprises, Okta faces stiff competition from seasoned players like CyberArk Software CYBR and Microsoft leads in Privileged Access Management, offering advanced tools like credential vaulting and threat analytics. With its acquisition of Zilla Security, it's expanding into automated Identity Governance. This move strengthens CyberArk's Identity Security Platform, boosting compliance and efficiency. Microsoft's Entra ID poses a significant challenge by offering a fully integrated Identity and Access Management solution, including Single Sign-On, Multi-Factor Authentication, Conditional Access and Identity Protection. Shares of Okta have appreciated 27.7% year to date compared with the Zacks Security industry's return of 19.9%. 
Okta currently trades at a premium, with a forward Price/Cash Flow ratio of 23.83, higher than the broader Zacks Computer & Technology sector's 20.4X. OKTA has a Value Score of D. The Zacks Consensus Estimate for OKTA's 2026 revenues is pegged at $2.86 billion, indicating 9.44% year-over-year growth. The consensus mark for earnings is pegged at $3.28 per share, which increased 2.8% over the past 30 days. The earnings figure suggests 16.73% growth over the figure reported in fiscal 2025. OKTA stock currently carries a Zacks Rank #2 (Buy). This article originally published on Zacks Investment Research.


Techday NZ
09-06-2025
- Business
- Techday NZ
Semperis adds detection for dMSA attacks in Windows Server
Semperis has announced new detection capabilities in its Directory Services Protector platform in collaboration with Akamai to address the "BadSuccessor" privilege escalation technique in Windows Server 2025. BadSuccessor targets a new Windows Server 2025 feature called delegated Managed Service Accounts (dMSAs), which was designed to improve service account security. Researchers at Akamai have shown that attackers can exploit dMSAs to impersonate highly privileged users, such as Domain Admins, within Active Directory. At present, there is no patch available to address this vulnerability.

Service accounts, including dMSAs, often operate with extensive or unmonitored privileges, creating potential security risks for enterprises. The exploitation method uncovered by Akamai highlights ongoing challenges in securing service accounts and preventing unexpected attack vectors within large organisations.

In response, Semperis has updated its Directory Services Protector platform to include one new Indicator of Exposure and three Indicators of Compromise aimed at detecting abnormal dMSA activity. These enhancements will enable security teams to identify excessive delegation rights, malicious connections between dMSAs and privileged user accounts, and attacks directed at sensitive accounts such as KRBTGT.

"Semperis moved quickly to translate the vulnerability into real-world detection capabilities for defenders, demonstrating how collaboration between researchers and vendors can lead to rapid, meaningful impact. The abuse of service accounts is a growing concern, and this high-profile vulnerability is a wake-up call," said Yuval Gordon, Security Researcher at Akamai.

"Service accounts remain one of the least governed yet most powerful assets in enterprise environments. This collaboration with Akamai allowed us to close detection gaps fast and give defenders visibility into a deeply complex area of Active Directory that attackers continue to exploit," said Tomer Nahum, Security Researcher at Semperis.

The vulnerability is present in any organisation that operates at least one domain controller running Windows Server 2025. According to Semperis, a single misconfigured domain controller can place the entire environment at risk. Until vendors release an official patch, organisations are encouraged to audit dMSA permissions and use detection tools to monitor for misuse.

Semperis is reinforcing cybersecurity for enterprises by protecting critical identity services that underpin hybrid and multi-cloud environments. Purpose-built for securing complex identity infrastructures — including Active Directory, Entra ID, and Okta — Semperis' AI-powered platform safeguards more than 100 million identities from cyberattacks, data breaches, and operational missteps. Headquartered in Hoboken, New Jersey, the privately held international company supports major global brands and government agencies, with customers spanning over 40 countries. Beyond its core technology offerings, Semperis is recognized for its commitment to the cybersecurity community. The company sponsors a range of industry resources, including the award-winning Hybrid Identity Protection (HIP) Conference, the HIP Podcast, and free identity security tools such as Purple Knight and Forest Druid. With its dual mission to protect digital infrastructure and empower the security community, Semperis continues to play a pivotal role in advancing global cyber resilience.