Privilege Escalation

Vectra Research recently discovered a method for leveraging functionality newly-released by Microsoft to perform lateral movement to another Microsoft tenant.

Recently, CISA released a new open-source tool named the Untitled Goose Tool that helps organizations investigate threats to Azure AD, M365 and Azure.

Recently, we investigated suspicious behavior in an environment where Azure passwordless authentication was set up. Prompting the investigations was several users were hit with unexpected Authenticator app prompts. To their credit, none of the users fell for the ruse or let the attacker in.

The Vectra Cognito Azure AD Privilege Anomaly Detection is a radical step forward when detecting account takeover events targeting Azure AD to gain access to mission-critical SaaS applications. With it, teams are alerted, and attacks can be stopped before they cause harm.

Account takeovers and identity-based attacks are on the rise, with Microsoft Office 365 at the heart of these threats. Find out what concerns are top of mind for IT decision makers when it comes to Office 365 security and protecting data in the cloud.

Vectra announces extended support for Azure AD in Cognito Detect for Office 365. Find out how this increased coverage can secure users' cloud identities and reduce consequences of supply chain attacks.

As witnessed by the SolarWinds attack, compromising a single Azure AD account gives an attacker access to multiple SaaS apps, including Microsoft Office 365. This single point has made it critical for organizations to be able to detect and respond to attacks from Azure AD.

The number of threats targeted towards Office 365 users and other similar platforms will undoubtedly continue to grow in 2021. Learn from our CTO, Oliver Tavakoli, what your company can do to prepare for the rise of targeted SaaS threats in 2021.

Learn how to mitigate online shopping threats and keep your personal data safe this holiday season.

With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. Learn why MFA no longer stops attackers in this new cybersecurity landscape but network detection and response can.

What the recent advanced threat actor 29 shows about the security limitations of indicator of compromise and how you can defend against privileged access attacks.

Privileged access is a key part of lateral movement in cyberattacks because privileged accounts have the widest range of access to critical information, making them the most valuable assets for attackers. The recent Twitter Hack compromising several high-profile accounts becomes another stark example.

OAuth has become a critical standard for access delegation in apps. However, the increasing incidents involving malicious OAuth apps, particularly in platforms like Office 365, underscore a significant vulnerability. This vulnerability persists even with multi-factor authentication (MFA) measures in place.

Since the early days of Vectra, we've been focused primarily on host devices. After all, hosts are the entities that generate the network traffic the Cognito platform analyses in looking for attacker behaviors.