OAuth Attacks on M365: Six Months of Hidden Threats

In the article "Never Just One Termite: Six Months of Researching OAuth Application Attacks," published on February 11, 2025, Matt Kiely of Huntress details an extensive investigation into malicious OAuth applications targeting Microsoft 365 (M365) environments.

Over a six-month period, Huntress discovered that a significant number of M365 tenants had unauthorized or malicious OAuth applications integrated into their systems. These applications, once granted permissions, could access and manipulate user data without detection, posing substantial security risks.

The research emphasizes the importance for administrators of M365 tenants to conduct immediate audits of their OAuth applications. Given the prevalence of these malicious integrations, proactive measures are essential to identify and remove unauthorized applications, thereby safeguarding organizational data and maintaining overall security. 

https://www.huntress.com/blog/never-just-one-termite-6-months-of-researching-oauth-application-attacks

Comments

Post a Comment

Popular posts from this blog

Opengrep: Open-Source SAST for Code Security and Innovation

Opengrep is a new open-source code security engine, forked from Semgrep CE due to licensing changes that restricted access to critical features. Backed by over 10 organizations, Opengrep aims to democratize Static Application Security Testing (SAST) by ensuring long-term accessibility and innovation for developers. It offers enhanced static code analysis capabilities, backward compatibility, and a commitment to keeping its features open and transparent. Opengrep invites community contributions to improve software security universally.  https://www.opengrep.dev/
Read more

OWASP SAMM Skills Framework Enhances Software Security Roles

The OWASP SAMM Skills Framework, introduced on February 9, 2025, is a new initiative donated by Siemens to enhance software security practices within organizations. This framework assigns specific responsibilities to SAMM (Software Assurance Maturity Model) streams, clarifying which roles are involved in advancing each stream. It provides guidance on the necessary skills and training for each role, aligning SAMM-related activities with appropriate stakeholders and their required competencies. This alignment helps organizations identify the right personnel and visualize shared responsibilities, ensuring a structured approach to secure product development. Implementing the OWASP SAMM Skills Framework involves several key steps. Organizations must first map responsibilities to roles, ensuring each task is assigned to the right individual. Next, they must evaluate and align stakeholders with specific SAMM streams, validating that those assigned understand and accept their roles in advanci...
Read more

Endor Labs Announces Integrated SAST Offerings

 Endor Labs recently announced that their Static Application Security Testing (SAST) toolset will be integrated into their platform, enhancing software security. This offering aims to help developers identify and fix code vulnerabilities earlier in the development cycle. By combining SAST with dependency management, Endor Labs provides a streamlined approach to managing and securing both custom code and third-party dependencies in a unified platform, which can improve efficiency and reduce security risks. For more details, you can read the full article  .
Read more