
Latest news with #MicrosoftEntraID

Over 80,000 Microsoft Entra ID accounts hit by major takeover campaign
Techday NZ

12-06-2025

Proofpoint has identified an active account takeover campaign targeting Microsoft Entra ID users and exploiting the TeamFiltration penetration testing framework. The campaign, which Proofpoint has named UNK_SneakyStrike, has involved attackers gaining unauthorised access to native applications including Microsoft Teams, OneDrive, and Outlook. According to the company's research, since December 2024 this activity has impacted over 80,000 user accounts across hundreds of organisations, resulting in several instances of successful account takeover.

Attack methods

UNK_SneakyStrike deploys the TeamFiltration pentesting framework to carry out its attacks, leveraging the Microsoft Teams API and Amazon Web Services (AWS) servers in multiple geographical regions. The attackers execute user-enumeration and password-spraying attacks to identify and compromise target accounts.

TeamFiltration, which was first released in January 2021, is a post-exploitation tool originally designed for legitimate penetration testing and risk evaluation of Microsoft 365 environments. The tool automates a variety of tactics, techniques, and procedures (TTPs) associated with account takeover campaigns, including account enumeration, password spraying, and data exfiltration.

The attackers have exploited access to specific resources and applications with TeamFiltration's features for persistent access. These include "backdooring" via OneDrive, accomplished by uploading malicious files to a user's OneDrive and replacing desktop files with rogue versions, potentially containing malware or macros for ongoing access.

Proofpoint noted, "TeamFiltration helps automate several tactics, techniques, and procedures (TTPs) used in modern ATO attack chains. As with many security tools that are originally created and released for legitimate uses, such as penetration testing and risk evaluation, TeamFiltration was also leveraged in malicious activity."

Identifying the activity

Proofpoint researchers analysed TeamFiltration's public GitHub documentation and configuration files to identify a rare user agent string, representing an outdated Teams client, being used during suspicious activity. This served as a key indicator for tracking unauthorised uses of the tool. They also observed attempts by attackers to access sign-in applications from devices incompatible with those services, suggesting the use of user agent spoofing as a means to disguise the source of the attacks.

Another indicator was the pattern of attempted access to a defined list of Microsoft OAuth client applications. The applications are capable of obtaining special "family refresh tokens," allowing attackers to exchange them for access tokens to exploit various native Microsoft applications.

Proofpoint found that TeamFiltration's most recent client ID list contained some inaccuracies, with incorrect mappings for 'Outlook' and 'OneNote'. Despite this, the tool's configuration closely aligned with a known family of client IDs published publicly by another cyber security research initiative.

AWS infrastructure and behaviour

TeamFiltration requires an AWS account to conduct its simulated attacks. Its password spraying function systematically rotates through different AWS Regions, and its enumeration features rely either on a disposable Microsoft 365 Business Basic account or, following recent updates, on a OneDrive-based method.

Proofpoint stated, "TeamFiltration's enumeration function leverages the disposable account and the Microsoft Teams API to verify the existence of user accounts within a given Microsoft Entra ID environment before launching password spraying attempts. A recent update to the tool's code introduced a OneDrive-based enumeration method, enhancing its enumeration capabilities."

Attacks attributed to TeamFiltration have been observed originating from AWS infrastructure and rotating across multiple AWS regions, with password spraying attempts systematically spread for wider impact and to hinder detection.

Campaign analysis

Proofpoint began tracking a distinct activity set, UNK_SneakyStrike, after differentiating malicious use of TeamFiltration from legitimate penetration testing activity. The main difference was that attackers operated in indiscriminate, high-volume bursts across many cloud tenants, while security assessments tend to be more targeted and controlled.

Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target Entra ID user accounts. Using a combination of unique characteristics, Proofpoint researchers were able to detect and track unauthorized activity attributed to TeamFiltration. According to Proofpoint findings, since December 2024 UNK_SneakyStrike activity has affected over 80,000 targeted user accounts across hundreds of organizations, resulting in several cases of successful account takeover. Attackers leverage Microsoft Teams API and Amazon Web Services (AWS) servers located in various geographical regions to launch user-enumeration and password-spraying attempts. Attackers exploited access to specific resources and native applications, such as Microsoft Teams, OneDrive, Outlook, and others.

The volume of login attempts linked to TeamFiltration saw a marked increase starting in December 2024, peaking in January 2025. Over 80,000 user accounts across approximately 100 cloud tenants were targeted, with multiple cases of account takeover observed.

Patterns and regional targeting

UNK_SneakyStrike activities typically occur in concentrated bursts, focusing on numerous users within a single cloud environment, and then pausing for periods of four to five days.

The apparent strategy varies by organisation size: all users within smaller tenant environments are targeted, but only specific user subsets are selected among larger tenants.

The primary sources for malicious login activity were traced to AWS infrastructure in three regions: the United States (42% of IP addresses), Ireland (11%), and Great Britain (8%).

Tool risks and future outlook

Proofpoint noted that penetration testing tools such as TeamFiltration are intended to benefit defensive security operations, but acknowledged their potential for malicious use. "While tools such as TeamFiltration are designed to assist cyber security practitioners in testing and improving defense solutions, they can easily be weaponized by threat actors to compromise user accounts, exfiltrate sensitive data, and establish persistent footholds."

The company expects such advanced tools to become more common among attackers. "Proofpoint anticipates that threat actors will increasingly adopt advanced intrusion tools and platforms, such as TeamFiltration, as they pivot away from less effective intrusion methods."

Proofpoint has provided security indicators, including a list of observed IP addresses and user agent strings, to aid organisations in detecting potential unauthorised access related to this campaign. The company recommends correlating these indicators with additional context and behavioural analytics for accurate detections.
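The burst pattern described above, as an added detection example (not Proofpoint's logic and not code from the article): it groups failed sign-ins per tenant rather than per source IP, because the spraying rotates across AWS regions, and reports the quiet gap between bursts. The record fields, the `max_gap` and `min_users` thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Hypothetical, simplified sign-in record; real log schemas differ.
SignIn = namedtuple("SignIn", "ts tenant user ip ok")


def build_sample():
    """Constructed records, not real telemetry. IPs are RFC 5737 documentation addresses."""
    ips = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
    events = []
    for day in (6, 10):  # two bursts, four days apart
        start = datetime(2025, 1, day, 10, 0)
        for i in range(30):  # 30 different users, one failed attempt each, rotating IPs
            events.append(SignIn(start + timedelta(minutes=i), "tenant-a",
                                 f"user{i:02d}@example.com", ips[i % 3], False))
    # Benign noise: one user mistyping a password five times, then signing in.
    t = datetime(2025, 1, 8, 9, 0)
    for i in range(5):
        events.append(SignIn(t + timedelta(minutes=i), "tenant-a",
                             "alice@example.com", "192.0.2.99", False))
    events.append(SignIn(t + timedelta(minutes=6), "tenant-a",
                         "alice@example.com", "192.0.2.99", True))
    return events


def close_session(tenant, session, min_users, bursts):
    """Record the session as a burst if enough distinct users were targeted."""
    users = {e.user for e in session}
    if len(users) < min_users:
        return
    per_ip = defaultdict(set)
    for e in session:
        per_ip[e.ip].add(e.user)
    bursts.append({
        "tenant": tenant,
        "start": session[0].ts,
        "end": session[-1].ts,
        "users": len(users),
        "ips": len(per_ip),
        # What a per-IP rule would have seen at most; shows why it under-counts.
        "max_users_per_ip": max(len(u) for u in per_ip.values()),
    })


def find_bursts(events, max_gap=timedelta(hours=1), min_users=20):
    """Cluster failed sign-ins per tenant into sessions split by quiet gaps."""
    by_tenant = defaultdict(list)
    for e in events:
        if not e.ok:
            by_tenant[e.tenant].append(e)
    bursts = []
    for tenant, fails in by_tenant.items():
        fails.sort(key=lambda e: e.ts)
        session = [fails[0]]
        for e in fails[1:]:
            if e.ts - session[-1].ts > max_gap:
                close_session(tenant, session, min_users, bursts)
                session = []
            session.append(e)
        close_session(tenant, session, min_users, bursts)
    return bursts


def pause_days(bursts):
    """Days of silence between consecutive bursts in the same tenant."""
    by_tenant = defaultdict(list)
    for b in sorted(bursts, key=lambda b: b["start"]):
        by_tenant[b["tenant"]].append(b)
    gaps = []
    for tenant, seq in by_tenant.items():
        for prev, nxt in zip(seq, seq[1:]):
            days = (nxt["start"] - prev["end"]).total_seconds() / 86400
            gaps.append((tenant, round(days, 1)))
    return gaps


if __name__ == "__main__":
    found = find_bursts(build_sample())
    for b in found:
        print(b)
    print(pause_days(found))
```

In the constructed data each source IP touches only 10 users per burst, so a per-IP threshold of 20 would stay silent while the per-tenant view flags both bursts.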

Keepit Continues Momentum With 2025 TrustRadius Top Rated Award
Yahoo

10-06-2025

Keepit has been recognized as a leader among SaaS Backup, Data Loss Prevention, Disaster Recovery, and Enterprise Backup categories.

COPENHAGEN, Denmark, June 10, 2025--(BUSINESS WIRE)--Keepit, a global leader in SaaS data backup and recovery, today announced that it has been recognized as TrustRadius Top Rated in four categories: SaaS Backup, Data Loss Prevention, Disaster Recovery, and Enterprise Backup. This recognition comes directly from customers, underscoring Keepit's commitment to providing an intelligent and secure backup and recovery platform.

"Earning a Top Rated award on TrustRadius is a reflection of how well a product is meeting the needs of its customers," says Allyson Havener, CMO, TrustRadius. "Keepit's recognition is based entirely on customer feedback—real users who value the platform's reliability, performance, and support."

Since 2016, the TrustRadius Top Rated Awards have become the B2B industry standard for unbiased recognition of excellent technology products. Based entirely on customer feedback, they have never been influenced by analyst opinion or status as a TrustRadius customer. Here is a detailed criteria breakdown of the methodology and scoring that TrustRadius uses to determine Top Rated winners.

Keepit provides independent backup to over 18,000 customers worldwide

Keepit backup and recovery solutions are currently available for eight workloads, such as Microsoft 365, Microsoft Entra ID, Google Workspace and Salesforce. The company will expand its offering in 2025 to include applications such as Jira, Bamboo, Okta and Confluence. Keepit's unique, intelligent, and cloud-native platform enables customers to safely secure their SaaS applications, ensuring full control of data regardless of unforeseen events such as outages, malicious attacks, or human error.

"SaaS backup has become an increasingly crucial part of risk management and business continuity planning. We are thrilled that our customers rely on Keepit to safeguard critical data and value their continued feedback and support. Accolades such as the Top Rated Award mean a lot to us as a company and further validate that our solutions meet our customers' needs," says Michele Hayes, CMO at Keepit.

Hear from verified users on how much they value Keepit: Keepit reviews on TrustRadius.

About Keepit

Keepit provides a next-level SaaS data protection platform purpose-built for the cloud. Securing data in a vendor-independent cloud safeguards essential business applications, boosts cyber resilience, and future-proofs data protection. Unique, separate, and immutable data storage with no sub-processors ensures compliance with local regulations and mitigates the impact of ransomware while guaranteeing continuous data access, business continuity, and fast and effective disaster recovery. Headquartered in Copenhagen with offices and data centers worldwide, over 18,000 companies trust Keepit for its ease of use and effortless backup and recovery of cloud data. For more information visit or follow Keepit on LinkedIn.

About TrustRadius

TrustRadius is a buyer intelligence platform for business technology. We enable buyers to make confident decisions, through comprehensive product information, in-depth customer insights, and peer conversations. We help technology brands capture and activate the authentic voice of customers to improve their products, build confidence with prospects, and engage in-market buyers to improve ROI. Founded by successful entrepreneurs and headquartered in the technology hub of Austin, Texas, TrustRadius is backed by Mayfield Fund, LiveOak Venture Partners, and Next Coast Ventures.

Aembit Extends Workload IAM to Microsoft Ecosystem, Securing Hybrid Access for Non-Human Identities
Yahoo

03-06-2025

SILVER SPRING, Md., June 3, 2025 /PRNewswire/ -- Aembit, the workload identity and access management (IAM) company, today announced a major expansion of its platform to support Microsoft environments. With this launch, enterprises can now enforce secure, policy-based access for software workloads and agentic AI running on Windows Server, Active Directory, Microsoft Entra ID, and Azure – while extending that same access model to third-party clouds, SaaS tools, and partner environments.

Modern infrastructure rarely lives in one place. While Microsoft technologies remain core to many enterprises, workloads routinely connect across trust boundaries – from on-prem infrastructure to Azure, AWS, Google Cloud, and external APIs. As infrastructure shifts to the cloud, identity and access management across all these resources becomes increasingly fragmented and complex, especially for non-human entities such as applications, scripts, AI agents, and services.

With this launch, Aembit enables a unified approach to secure workload access management across the Microsoft ecosystem and beyond, reducing operational complexity while improving visibility, automation, and risk posture.

"Security teams require consistent enforcement across all environments – not different tools and rules for every platform," said Kevin Sapp, co-founder and CTO of Aembit. "We built this integration to help enterprises modernize without compromise, providing policy-driven access across all Microsoft workloads, whether they run on-prem or in the cloud."

With this launch, Aembit delivers:

  • Consistent access control for non-human identities: Teams can now centrally define and enforce access policies for applications, agents, and services across Windows Server, Active Directory, Microsoft Entra ID, and Azure. They can extend the same model to non-Microsoft resources such as AWS, GCP, or SaaS services.
  • Accelerated cloud migrations without added risk: As workloads move from on-prem to Azure, Aembit ensures their access remains secure, secretless, and aligned with zero trust principles.
  • Elimination of static credentials: By replacing long-lived secrets with short-lived, identity-based access, Aembit helps reduce attack surface and developer overhead.
  • Unified visibility for audit and compliance: All workload access is logged and attributed, making it easier to investigate incidents and meet compliance requirements across hybrid Microsoft environments.

These features build on Aembit's mission to proactively secure access for the growing number of non-human identities operating across modern IT environments. Aembit replaces static credentials with just-in-time, identity-based access – helping builders move faster while giving security teams confidence in how workloads connect across hybrid environments.

Aembit is now available in the Azure Marketplace, making it easier for organizations to integrate workload IAM into their Microsoft-based infrastructure with familiar procurement workflows.

About Aembit

Aembit is the leading provider of workload identity and access management solutions, designed to secure non-human identities like applications, AI agents, and service accounts across on-premises, SaaS, cloud, and partner environments. Aembit's no-code platform enables organizations to enforce access policies in real time, ensuring the security and integrity of critical infrastructure. Users can visit and follow us on LinkedIn.

Veeam Data Cloud delivers effortless data resilience
Tahawul Tech

24-04-2025

Veeam® Software, the #1 leader by market share in Data Resilience, announced recently the launch of Veeam Data Cloud for Microsoft Entra ID. With Entra ID (formerly Azure AD) facing over 600 million attacks daily[1], protecting organisations' digital identity has never been more critical. Veeam Data Cloud for Microsoft Entra ID is a Software-as-a-Service (SaaS) backup solution designed to simplify data resilience for Entra ID tenants, ensuring organisations can protect their essential assets.

Support for Entra ID is the latest extension of Veeam Data Cloud, a powerful, unified and intuitive cloud platform. Delivered with the simplicity of SaaS, Veeam Data Cloud integrates modern cloud-native technologies and AI acceleration to protect, secure, and manage data on-premises and in the cloud to enhance business continuity and usability while driving greater efficiencies.

'Security starts with managing your users and ensuring the right people have access to the right systems. That's why protecting Entra ID is so important, and why it's the latest addition to our Veeam Data Cloud platform', said Niraj Tolia, Chief Technology Officer at Veeam. 'We are giving customers greater simplicity with an enterprise-ready, pre-hardened, and self-configured SaaS solution that removes the burden of managing and maintaining complex backup infrastructure'.

Protecting Entra ID includes not only addressing cybersecurity threats, but also managing compliance requirements, recycle bin limits, accidental deletions, and policy misconfigurations. Veeam Data Cloud for Microsoft Entra ID offers comprehensive backup and restore capabilities for Entra ID users, groups, application registrations, and other objects, providing an all-in-one cloud service with unlimited storage and a unified UI for a streamlined user experience. With Veeam Data Cloud for Microsoft Entra ID, organisations can maintain data resilience and quickly recover from issues affecting Entra ID.

Key features of Veeam Data Cloud for Microsoft Entra ID include:

  • Proactive Protection: Enhances visibility and control over changes within Entra ID, ensuring business continuity, security, and compliance.
  • Effortless Recovery: Allows quick restoration of Entra ID users, groups, attributes, app registrations, logs, related metadata, and more with reliability.
  • Comprehensive Inclusion: Offers a secure backup service managed by experts, offloading maintenance, updates, and security fixes.

'Protecting Microsoft Entra ID has never been more important. In fact, one in five respondents in Futurum's Cybersecurity Decision Maker IQ research indicated credential compromise/account takeover as a security incident most impacting their organisation. Veeam is making resiliency for these environments, including visibility into potentially malicious behaviour and automated backup jobs, accessible to a broader range of customers by delivering it in a managed and hosted model with the addition of Entra ID protection to Veeam Data Cloud', said Krista Case, Research Director at The Futurum Group.

Veeam Data Cloud already provides businesses with the ability to protect Microsoft 365 workloads and with the latest addition of Entra ID, existing customers can bundle Veeam Data Cloud for Entra ID with their existing Veeam Data Cloud for Microsoft 365 Flex and Premium investments to continue to only pay per Microsoft 365 user.

As part of Veeam Data Cloud, customers can manage all their workloads across a single interface, extending the platform's comprehensive features to Entra ID and future workloads. These include advanced security controls such as role-based access control, reduced complexity, and streamlined reporting, all while offloading maintenance, updates, and security fixes.

Veeam Data Cloud for Microsoft Entra ID is available now. For more information on Veeam, visit

[1] Microsoft Digital Defence Report 2024

Veeam launches SaaS backup for Microsoft Entra ID in Data Cloud
Techday NZ

24-04-2025

Veeam Software has introduced a Software-as-a-Service (SaaS) backup solution for Microsoft Entra ID designed to strengthen data protection for organisations using the identity management platform.

Microsoft Entra ID, previously known as Azure AD, is currently subject to more than 600 million attacks daily, highlighting the importance of digital identity security. The new Veeam Data Cloud for Microsoft Entra ID aims to simplify data resilience measures for Entra ID tenants and ensure continued access to critical identity and access management assets.

This update represents the latest expansion of Veeam Data Cloud, combining cloud-native technologies and artificial intelligence acceleration to manage and secure data both on-premises and in cloud environments. Veeam states this approach is aimed at improving business continuity and operational efficiency while addressing the complexities of identity management backup.

Niraj Tolia, Chief Technology Officer at Veeam, commented: "Security starts with managing your users and ensuring the right people have access to the right systems. That's why protecting Entra ID is so important, and why it's the latest addition to our Veeam Data Cloud platform. We are giving customers greater simplicity with an enterprise-ready, pre-hardened, and self-configured SaaS solution that removes the burden of managing and maintaining complex backup infrastructure."

The SaaS offering is designed not only as a defence against cybercrime but also to support compliance requirements, overcome recycle bin limitations, reduce the impact of accidental deletions and address policy misconfigurations. The backup and restoration capabilities extend to Entra ID users, groups, application registrations, logs and related metadata, bringing together these functions in an all-in-one cloud-based service with unlimited storage and a consolidated user interface.

Among the primary features detailed by Veeam are enhanced visibility and control over changes within Entra ID to reinforce business continuity, security and regulatory compliance; quick recovery of users, groups, attributes and other objects; and a managed backup service that includes maintenance, updates and security patches overseen by expert teams.

Krista Case, Research Director at The Futurum Group, said: "Protecting Microsoft Entra ID has never been more important. In fact, one in five respondents in Futurum's Cybersecurity Decision Maker IQ research indicated credential compromise/account takeover as a security incident most impacting their organisation. Veeam is making resiliency for these environments, including visibility into potentially malicious behaviour and automated backup jobs, accessible to a broader range of customers by delivering it in a managed and hosted model with the addition of Entra ID protection to Veeam Data Cloud."

Current Veeam Data Cloud customers already using Microsoft 365 protection can now bundle Entra ID coverage with their existing Microsoft 365 Flex and Premium packages, continuing Veeam's pay-per-user approach. This enables businesses to consolidate identity management backup alongside productivity workload protection under a single subscription structure.

The unified interface of the Veeam Data Cloud platform allows customers to manage all of their protected workloads together, extending platform features such as advanced security controls, role-based access, streamlined reporting, and operational simplicity to Entra ID users. Maintenance and updates are managed by Veeam, further reducing the overhead for internal IT teams.
