The threat research team of SaaS security company Obsidian has found a potentially expansive identity security risk that involves the fintech startup Argyle, an integration service for verifying income and employment data.
In February, Obsidian detected a risk for organizations that are linked to Argyle through integrations with HR Management (HRM) systems widely used by the Global 2000. Argyle’s service poses serious security implications to these organizations because it prompts their employees to input corporate identity credentials through “permissioned payroll connections” into the Argyle platform – providing a pathway for unauthorized access and data compromise.
Argyle collects data that is used by the mortgage, background check, personal lending and banking industries as well as the gig economy.
Based on what Obsidian is seeing in its customer environments, it has reason to believe that many companies are at risk of credential harvesting, session cookie leakage, unauthorized access to other systems, and even falling afoul of U.S. hacking laws. The patterns that Obsidian is seeing resemble common identity theft threats, such as those for initial access from an access broker such as Okta, or fully executed payroll theft after an account takeover.
You can read the details here.
New threat research: 300% surge in SaaS attacks signals a shift in threat actor targets
Posted in Commentary with tags Obsidian on January 27, 2025 by itnerd

Obsidian has released its new 2025 SaaS Security Threat Report that reveals SaaS breaches have surged by a staggering 300% over the past year and that SaaS applications were the attack vector behind the majority of the biggest incidents, including MGM, Microsoft, AT&T, and Okta.
These findings signal a shift among nation-state and criminal threat actors – including groups like Midnight Blizzard, Scattered Spider, ShinyHunters, and more – who are targeting SaaS platforms as the new “frontline” attack vector as more data shifts to popular SaaS apps like Microsoft Office 365, Google Workspace, ServiceNow, Slack and Okta.
The new report is based on the industry’s largest repository of SaaS-related attack data, including direct involvement in over 150 incident responses alongside leading firms like GuidePoint and Kroll.
You can read the report here.