Adam Bateman //O
@ajaybateman
Co-founder, CEO @pushsecurity
London, England
Joined August 2009
big news
We’re excited to announce that Sublime has raised $150M in a Series C led by @Georgian_io, joined by new investors @Avenir_Growth, @01Advisors, @jonoberheide, and @nicoleperlroth, and existing investors @IndexVentures, @IVP, @slow, and @CitiVentures. This year we launched ASA
A decade in, bootstrapped Thinkst Canary reaches $20M in ARR without VC funding | TechCrunch
techcrunch.com
Reflecting on 10 years since its launch, the honeypot maker explains why the company did not take on any VC funding.
Thrilled to be partnering with @PushSecurity to lead their Series B! Push is bringing identity security to where work happens today - the browser. Hear from me, CEO @ajaybateman and @jordan_segall on why Push is the future of identity security:
Someone is using Evilginx to target customers of Onfido, part of Entrust, with a malicious Google advert that comes above the legitimate Onfido advert 🤯 Yes that us[.]com domain is actually an evilginx server - guess which advert is the malicious one
7/ At first, this might seem obvious, unrealistic or not that big a deal. Read the full article and dwell on it for a while. Trust me, the more you think about it, the more crazy you'll realize this is. Full article -
pushsecurity.com
How phishing for email verification can be combined with cross-IdP impersonation to gain direct access to downstream SaaS and bypass hardened IdP accounts.
1/ A new class of phishing - how verification phishing and cross-IdP impersonation can bypass your SSO. Here is a video demo, but this is one where you really need to read the full article too - https://t.co/R6xZaawwpr I'll summarize the key points in this thread.
BDR: Browser Detection and Response https://t.co/IOykCkZIpl
thehackernews.com
Why modern ‘Phishing 2.0’ attacks using AitM and BitM toolkits are a big problem for security teams, and what you can do to stop them.
Identity Threat Detection and Response…What is it and how do we define it? @ajaybateman from @PushSecurity, breaks it down on the @CloudSecPodcast and other tools you may need in your Security defenses. 🎧 Don’t miss this episode! https://t.co/pJMqSKFeag
#ITDR #CloudSecurity
1/ It’s fascinating how many layers of protection even poorly written AiTM phishing kits put in place to frustrate discovery now. I’m talking about the type of kit where the authors forgot to implement the JS encryption function placeholder they wrote so it returns clear text😂
Is the Snowflake breach, touted as the biggest in history, identity security’s WannaCry moment? Join Luke Jennings, VP R&D at @PushSecurity, to explore what Snowflake shows us about the complexity of the identity attack surface, and discuss the practical steps that
Some asked how to remove these ghost logins from Snowflake after migrating to SAML SSO. You can unset a user's password. The guidance is here: https://t.co/iyfJ6y8kzz
community.snowflake.com
Join our community of data professionals to learn, connect, share and innovate together
10/ I wouldn’t be surprised if organizations responding to Snowflake right now think they’ve solved the problem by migrating their users to use SSO, without realizing they’re not actually securing those existing vulnerable identities, just creating new ones on top.
The Snowflake breach will be for cloud identity attacks what WannaCry was for Ransomware. Join @jukelennings to explore the practical takeaways from the incident. Select the best time for you using the dropdown menu. https://t.co/2JnS0FfB5C
While recommendations to enable MFA will certainly help combat these types of threats, it is important for organizations to understand that MFA is not a panacea. One example, described by @jukelennings of @PushSecurity, of how attackers can subvert MFA is Session Cookie Theft.
There's been lots of reporting on the campaign against Snowflake DB, so I thought it'd be useful to look at it from an Attack Path PoV. This post shows how you can create a graph for your SNOW deployment & what that tells us about the campaign. https://t.co/1crZ5n0rL0
This year @ThinkstCanary cleared $19m in ARR. - We still have less than 40 people... - We still do "no" outbound sales... We believe more security-product companies can do this too, by focusing a little more on customer-love. We spoke about it at the @DecibelVC event at RSAC.
In town for #RSAC next week? I have a (super brief) talk at the @DecibelVC Oasis (on Tuesday) on why cybersecurity products need to focus a little less on war and a little more on love¹. https://t.co/0F7nO4y2nD __ ¹ With @ThinkstCanary as a case-study.
luma.com
Please join us at the Decibel “Oasis” MeetUp as we host cybersecurity founders and early adopters seeking fresh perspectives and open networking with builders…
Now you can detect and block identity attacks directly inside any web browser. 1. Stop corp password reuse and phishing 2. Detect EvilGinx/EvilNoVNC 3. Session Hijacking detection ... and more. Hear the full announcement on @riskybusiness
https://t.co/xQH9Yy2Kdj
Bypass MFA, own an Okta account, then persist after you are shut down. 1. Trick employee to auth to Okta via a transparent VNC session 2. Persist on downstream SaaS 3. SAMLJacking for "lateral movement" Check it out: https://t.co/RCrbZewuZu
#redteam #blueteam
We've put together an index of the latest identity-based attacks, focusing on examples of networkless and SaaS-SaaS attacks that have been publicly disclosed. These attacks can tell us a lot about where identity attacks are headed. Check it out!
pushsecurity.com
To keep track of how identity attacks are evolving, we’ve put together this helpful index of recent breaches, focusing on the latest identity-based techniques.
Can admins steal cloud password manager secrets? Tl;dr - Yes! I use Dashlane as an example but it’s a generic approach and may end up a hash dumping equivalent for the SaaS-native world. It’s worth understanding the details! https://t.co/ZujUvLDVk2
pushsecurity.com
Can admins access the secrets from your corporate password manager? If so, how does this affect incident response in a compromised admin account scenario?