
Latest news with #Semperis

Semperis warns nOAuth flaw in Entra ID risks SaaS accounts

Techday NZ

2 days ago

  • Business
  • Techday NZ

Semperis has published new research highlighting the ongoing risk posed by the nOAuth vulnerability in Microsoft's Entra ID, which may allow attackers to take over SaaS application accounts with minimal effort. According to the research, nOAuth remains undetected by many SaaS vendors and is very difficult for enterprise customers to defend against.

The vulnerability, originally disclosed in 2023 by Omer Cohen of Descope, arises from a flaw in how certain SaaS applications implement OpenID Connect, particularly when unverified email claims are used as user identifiers in Entra ID app configurations. This practice contrasts with recommended OpenID Connect standards. Semperis' follow-up investigation examined applications listed in Microsoft's Entra Application Gallery, finding that over a year after the initial disclosure, a substantial portion of applications remain vulnerable to nOAuth abuse.

Risk to enterprises

The core issue with nOAuth is that attackers require only their own Entra tenant and the email address of a target user to potentially gain full access to that person's account in a vulnerable SaaS application. Traditional defences, including Multi-Factor Authentication (MFA), conditional access, and Zero Trust policies, do not mitigate this risk. This presents a challenge for both developers and end-users.

As Eric Woodruff, Chief Identity Architect at Semperis, explained, "It's easy for well-meaning developers to follow insecure patterns without realising it and in many cases, they don't even know what to look for. Meanwhile, customers are left with no way to detect or stop the attack, making this an especially dangerous and persistent threat."

Through comprehensive testing of more than 100 Entra-integrated SaaS applications, Semperis identified that nearly 10% were susceptible to nOAuth exploitation. Once access is obtained via this vulnerability, attackers may exfiltrate data, maintain persistence, and potentially move laterally within the victim organisation's environment.

Detection and mitigation challenges

Detection of nOAuth abuse is exceptionally difficult, as successful attacks leave minimal traces within standard user activity logs. Deep correlation across both Entra ID and individual SaaS platform logs is required to identify potential breaches. Semperis' research indicates that exploitation continues to be possible, despite the initial public disclosure and vendor recommendations.

Highlighting the severity of the nOAuth issue, Woodruff added, "nOAuth abuse is a serious threat that many organisations may be exposed to. It's low effort, leaves almost no trace and bypasses end-user protections. We've confirmed exploitation is still possible in many SaaS apps, which makes this an urgent call to action. We encourage developers to implement the necessary fixes and help protect their customers before this flaw is exploited further."

Semperis has communicated its findings to both affected SaaS vendors and Microsoft, beginning in December 2024. Some vendors have taken steps to address the issue, while others reportedly remain vulnerable.

Industry response and recommendations

The Microsoft Security Response Centre (MSRC) advises SaaS application vendors to implement its security recommendations regarding user identification and OpenID Connect integration. Firms failing to comply may risk removal from the Entra Application Gallery.

Semperis continues to focus on identity threat detection, with recent announcements regarding new detection features addressing other critical vulnerabilities such as BadSuccessor and Silver SAML. These findings exemplify ongoing risks within enterprise identity services, where configuration weaknesses in authentication protocols can present significant challenges for both software providers and their customers.
The nOAuth vulnerability underlines the importance of not only secure development practices but also continuous monitoring as enterprise reliance on SaaS and identity federation increases. Semperis' report calls for prompt action from SaaS vendors to update their authentication implementations to address this persistent risk.
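The identifier-mapping mistake the article describes (keying a SaaS account on the unverified email claim rather than on the issuer-scoped subject) can be shown in a few lines. The following is an added example, not code from the Techday NZ article nor from Semperis, Descope or Microsoft: it resolves a stored account from an ID token's claims first the weak way and then the way OpenID Connect recommends, and adds the first-login linking check a developer fixing this would want. The issuer URLs, tenant ids, subjects, addresses and the `Account` type are all constructed placeholders, and the token's signature, audience and expiry are assumed to have been validated already.

```python
# Added example, not code from the Techday NZ article or from Semperis/Descope.
# Contrasts the account-lookup pattern behind nOAuth (keying on the unverified
# 'email' claim) with the OpenID Connect-recommended pattern (keying on the
# issuer-scoped 'sub' claim). Issuers, tenant ids, subjects and addresses are
# constructed placeholders; signature, audience and expiry validation of the
# ID token is assumed to have passed before these functions are called.
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Account:
    account_id: str
    email: str
    issuer: str    # 'iss' of the ID token that originally linked this account
    subject: str   # 'sub' from that same token


# Constructed: the customer's own Entra tenant (placeholder tenant id).
HOME_ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000001/v2.0"
# Constructed: some other tenant, i.e. one the SaaS customer does not control.
OTHER_ISSUER = "https://login.microsoftonline.com/ffffffff-ffff-ffff-ffff-fffffffffff1/v2.0"

# Constructed SaaS user store with one existing account.
ACCOUNTS = [Account("acct-42", "alice@example.com", HOME_ISSUER, "sub-alice-home")]

# Constructed ID-token claim sets (payload only).
LEGIT_CLAIMS = {"iss": HOME_ISSUER, "sub": "sub-alice-home",
                "email": "alice@example.com", "email_verified": True}
# Same address, but asserted by a tenant that is not the customer's.
FOREIGN_CLAIMS = {"iss": OTHER_ISSUER, "sub": "sub-someone-else",
                  "email": "alice@example.com"}


def resolve_account_weak(claims: dict, accounts: Iterable[Account] = ACCOUNTS) -> Optional[Account]:
    """Vulnerable pattern: the mutable, unverified 'email' claim is the user key.

    Any issuer able to place this address in a token resolves to the same account."""
    email = str(claims.get("email", "")).lower()
    return next((a for a in accounts if a.email.lower() == email), None)


def resolve_account_hardened(claims: dict, accounts: Iterable[Account] = ACCOUNTS) -> Optional[Account]:
    """Recommended pattern: the user key is the pair (iss, sub), which OpenID
    Connect defines as the stable, issuer-scoped identifier. 'email' is display
    data only and never selects an account."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        return None
    return next((a for a in accounts if a.issuer == iss and a.subject == sub), None)


def may_auto_link_by_email(claims: dict, trusted_issuers: Iterable[str]) -> bool:
    """First-login decision: an unknown (iss, sub) may be attached to an existing
    account by email only if the issuer is one the customer explicitly trusts and
    the token asserts the address was verified. A missing or non-boolean
    'email_verified' claim is treated as unverified."""
    return claims.get("iss") in set(trusted_issuers) and claims.get("email_verified") is True


def explain_lookup(claims: dict) -> dict:
    """Run both lookups and the linking check on one claim set, side by side."""
    weak = resolve_account_weak(claims)
    hard = resolve_account_hardened(claims)
    return {"weak": weak.account_id if weak else None,
            "hardened": hard.account_id if hard else None,
            "auto_link_ok": may_auto_link_by_email(claims, [HOME_ISSUER])}


if __name__ == "__main__":
    print("home-tenant token :", explain_lookup(LEGIT_CLAIMS))
    print("other-tenant token:", explain_lookup(FOREIGN_CLAIMS))
```

With the weak lookup both claim sets land on `acct-42`; with the hardened one only the token whose `(iss, sub)` pair was recorded at linking time does, and the foreign token falls through to "unknown user", where the linking check also refuses to merge it by address. Note that `email_verified` is the standard OpenID Connect claim; an ID token that carries no such claim, which is common for Entra ID tokens, is treated here as unverified rather than trusted by default.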

Semperis adds detection for BadSuccessor flaw in Windows 2025

Techday NZ

10-06-2025

  • Business
  • Techday NZ

Cybersecurity firm Semperis has introduced new detection capabilities in its Directory Services Protector (DSP) platform, aiming to protect organisations against "BadSuccessor" — a newly disclosed privilege escalation technique in Windows Server 2025 that currently has no available patch.

The BadSuccessor flaw, revealed by researchers at Akamai, targets delegated Managed Service Accounts (dMSAs), a new Windows Server 2025 feature designed to enhance the security of service accounts. Instead, the researchers demonstrated how the feature can be exploited to impersonate highly privileged users in Active Directory, such as Domain Admins, without needing additional credentials or triggering alerts.

In direct response to Akamai's findings, Semperis worked with the researchers to develop and deploy new detection indicators within its DSP platform. The enhancements include one new Indicator of Exposure (IOE) and three Indicators of Compromise (IOCs), designed to help organisations identify early signs of potential abuse.

"Semperis moved quickly to translate the vulnerability into real-world detection capabilities for defenders, demonstrating how collaboration between researchers and vendors can lead to rapid, meaningful impact," said Yuval Gordon, Security Researcher at Akamai.

The detection indicators are focused on revealing abnormal behaviour around dMSAs, including excessive delegation rights, suspicious links between dMSAs and privileged accounts, and attempts to target sensitive credentials like the KRBTGT account. According to Semperis, this can give security teams a vital head start in identifying attacks before they can escalate.

"Service accounts remain one of the least governed yet most powerful assets in enterprise environments," said Tomer Nahum, Security Researcher at Semperis. "This collaboration with Akamai allowed us to close detection gaps fast and give defenders visibility into a deeply complex area of Active Directory that attackers continue to exploit."

The vulnerability has broad implications. Any organisation operating at least one domain controller (DC) running Windows Server 2025 may be at risk. According to Semperis, even a single misconfigured DC using dMSAs could expose the entire Active Directory environment to compromise.

As there is currently no fix for the vulnerability, Semperis is urging organisations to take immediate steps to protect their environments. These include auditing dMSA configurations, reviewing delegation permissions, and employing detection tools such as the updated DSP platform.

The new detection features aim to support defenders in closing a critical visibility gap. Service accounts, such as dMSAs, often run with elevated privileges but remain unmonitored or poorly managed in many enterprise environments. This lack of oversight creates a potential blind spot for attackers to exploit — a challenge the BadSuccessor technique highlights sharply. Semperis stated that the DSP update is available now and is intended to offer a stopgap solution for organisations as they await official mitigation from Microsoft.

The case also serves as a reminder of the growing complexity of managing hybrid identity environments. With attackers increasingly targeting infrastructure such as Active Directory, new features — however well-intentioned — can quickly become unexpected attack vectors. Gordon added, "The abuse of service accounts is a growing concern, and this high-profile vulnerability is a wake-up call."

Until a patch is released, security teams are advised to remain vigilant and proactive. By monitoring dMSA activity and understanding their configuration risks, organisations can reduce their exposure to what could otherwise be a silent but highly impactful method of privilege escalation.

Semperis adds detection for dMSA attacks in Windows Server

Techday NZ

09-06-2025

  • Business
  • Techday NZ

Semperis has announced new detection capabilities in its Directory Services Protector platform in collaboration with Akamai to address the "BadSuccessor" privilege escalation technique in Windows Server 2025.

BadSuccessor targets a new Windows Server 2025 feature called delegated Managed Service Accounts (dMSAs), which was designed to improve service account security. Researchers at Akamai have shown that attackers can exploit dMSAs to impersonate highly privileged users, such as Domain Admins, within Active Directory. At present, there is no patch available to address this vulnerability.

Service accounts, including dMSAs, often operate with extensive or unmonitored privileges, creating potential security risks for enterprises. The exploitation method uncovered by Akamai highlights ongoing challenges in securing service accounts and preventing unexpected attack vectors within large organisations.

In response, Semperis has updated its Directory Services Protector platform to include one new Indicator of Exposure and three Indicators of Compromise aimed at detecting abnormal dMSA activity. These enhancements will enable security teams to identify excessive delegation rights, malicious connections between dMSAs and privileged user accounts, and attacks directed at sensitive accounts such as KRBTGT.

"Semperis moved quickly to translate the vulnerability into real-world detection capabilities for defenders, demonstrating how collaboration between researchers and vendors can lead to rapid, meaningful impact. The abuse of service accounts is a growing concern, and this high-profile vulnerability is a wake-up call," said Yuval Gordon, Security Researcher at Akamai.

"Service accounts remain one of the least governed yet most powerful assets in enterprise environments. This collaboration with Akamai allowed us to close detection gaps fast and give defenders visibility into a deeply complex area of Active Directory that attackers continue to exploit," said Tomer Nahum, Security Researcher at Semperis.

The vulnerability is present in any organisation that operates at least one domain controller running Windows Server 2025. According to Semperis, a single misconfigured domain controller can place the entire environment at risk. Until vendors release an official patch, organisations are encouraged to audit dMSA permissions and use detection tools to monitor for misuse.

Semperis is reinforcing cybersecurity for enterprises by protecting critical identity services that underpin hybrid and multi-cloud environments. Purpose-built for securing complex identity infrastructures — including Active Directory, Entra ID, and Okta — Semperis' AI-powered platform safeguards more than 100 million identities from cyberattacks, data breaches, and operational missteps. Headquartered in Hoboken, New Jersey, the privately held international company supports major global brands and government agencies, with customers spanning over 40 countries.

Beyond its core technology offerings, Semperis is recognized for its commitment to the cybersecurity community. The company sponsors a range of industry resources, including the award-winning Hybrid Identity Protection (HIP) Conference, the HIP Podcast, and free identity security tools such as Purple Knight and Forest Druid. With its dual mission to protect digital infrastructure and empower the security community, Semperis continues to play a pivotal role in advancing global cyber resilience.

Jen Easterly to Keynote 2025 Hybrid Identity Protection Conference

Yahoo

06-06-2025

  • Business
  • Yahoo

Easterly joins identity-first defenders at the award-winning conference, October 7–9 in Charleston, SC

HOBOKEN, N.J., June 6, 2025 /PRNewswire/ -- Semperis, a leader in AI-powered identity security and cyber resilience, today announced that Jen Easterly, former Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), will keynote the Hybrid Identity Protection Conference (HIP Conf), taking place October 7-9 in Charleston, SC.

A globally recognized leader in cybersecurity and national defense, Easterly led CISA through a transformative period—scaling it into a $3 billion agency with over 10,000 personnel and establishing it as a cornerstone of U.S. cyber defense. A combat veteran, former Morgan Stanley executive, and cybersecurity pioneer, Easterly brings decades of experience at the intersection of security, technology, and resilience.

"Defenders working in hybrid identity environments set the standard for resilience in a world where adversaries move fast and trust is everything," said Easterly. "We are in an era where adversaries exploit every weakness and identity is the first and last line of defense. I am looking forward to joining this community at the upcoming HIP Conf."

HIP Conf is the premier global event for identity-first defenders, uniquely focused on securing hybrid and multi-cloud environments. This year's Semperis conference will deliver the latest in identity threat detection and response (ITDR); Active Directory, Entra ID, and Okta security; and building operational resilience in a rapidly evolving threat landscape. The 2025 program features a robust lineup of technical sessions and strategic insights from dozens of leaders across industry, government, and academia. Key sessions include:

  • What's New, What's Next? Active Directory Roadmap – Linda Taylor, Principal Software Engineer, Microsoft
  • A Quarter Century, a Quarter Million Breaches: AD Security & Incident Response in 2025 – Michael Van Horenbeeck, CEO, The Collective
  • The State of Identity Security 2026 – Henrique Teixeira, SVP, Strategy, Saviynt, and David Lee, Field CTO, Saviynt
  • Beyond Backups: Practical Steps to Build Operational Resilience – Ben Cauwel, Head of Cyber Security, Capgemini
  • From Hybrid to Full Cloud: Is It Right for You? – Joe Kaplan, Security Delivery Associate Director, Accenture
  • Demystifying Managed Service Accounts: Best Practices & Security Measures to Reduce Risk – Jorge De Almeida Pinto, Senior Incident Response Lead, Semperis

Additional speakers and sessions to be announced.

Longtime HIP advocate Alex Weinert, Chief Product Officer at Semperis and former VP of Identity Security at Microsoft, returns to the stage for his third consecutive year. "Identity is the new security perimeter, and as organizations modernize their infrastructure, they need to stay ahead of increasingly complex identity-based attacks," said Weinert. "HIP continues to be a go-to event for real-world strategies and community connections. We're proud to be leading this important global conversation."

Unlike broader cybersecurity conferences, HIP Conf is purpose-built for practitioners managing and defending hybrid identity environments. The event fosters long-term collaboration, community, and real-world knowledge sharing that continues well beyond the conference. For more information and to register for HIP Conf 25, visit:

About the Hybrid Identity Protection Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. With radical transformation comes new business risks. The Hybrid Identity Protection Conference (HIP Conf) is the premier educational forum for identity-centric practitioners. Whatever the industry sector or job function, HIP strives to provide its community with the insights and relationships needed to enable and protect today's digitally driven organizations. Learn more about HIP Conf 25 via our social media feeds: X / LinkedIn / Facebook

About Semperis

Semperis protects critical enterprise identity services for security teams charged with defending hybrid and multi-cloud environments. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects more than 100 million identities from cyberattacks, data breaches and operational errors. As part of its mission to be a force for good, Semperis offers a variety of cyber community resources, including the award-winning Hybrid Identity Protection (HIP) Conference, HIP Podcast, and free identity security tools Purple Knight and Forest Druid. Semperis is a privately owned, international company headquartered in Hoboken, New Jersey, supporting the world's biggest brands and government agencies, with customers in more than 40 countries. Learn more: Follow us: Blog / LinkedIn / X / Facebook / YouTube

Media Contact: Bill Keeler, Senior Director, PR & Comms, billk@

SOURCE Semperis

