by | Sep 5, 2024 | Semperis
The Digital Operational Resilience Act (DORA) is an incoming European Union (EU) legislative framework aimed at fortifying the operational resilience of digital systems within the financial sector. All finance entities that operate in or with the EU need to achieve...
by | Aug 19, 2024 | Semperis
Key findings: An Application Consent attack, also known as an Illicit Consent Grant attack, is a type of phishing attack in which a malicious actor gains access to an application and then exploits permissions that have been granted to that app. Semperis researcher Adi...
by | Aug 14, 2024 | Semperis
An organization’s data is one of its most valuable assets—and a prime target for cyberattackers, who prove time and again that their victims will pay large ransom sums to get exfiltrated data back. According to Semperis’ 2024 Ransomware Risk Report, 78% of...
by | Aug 13, 2024 | Semperis
This article details a series of Semperis security research team discoveries that resulted in the ability to perform actions in Entra ID beyond expected authorization controls, based on analysis of the OAuth 2.0 scope (permissions). Our most concerning discovery...
by | Aug 12, 2024 | Semperis
My friends know I’m a movie buff. Being also a mixed martial arts enthusiast, one of my all-time favorites is Fight Club, based on Chuck Palahniuk’s first novel. The story is about an identity crisis: rebelling against consumerism, trying to find truth and meaning in life,...
by | Aug 6, 2024 | Semperis
Forest Druid is a free attack path discovery tool for hybrid identity environments, such as Active Directory and Entra ID. Unlike traditional tools that map attack paths from the external perimeter inwards, Forest Druid focuses on protecting the most critical assets...