12 Jan 2023
SES-pionage
What do attackers do with exposed AWS access keys? We look inside AWS SES to give deeper insights into the service, why & how its targeted and how to detect it.
READ MORE
29 Dec 2022
Cloud Cred Harvesting Campaign - Grinch Edition
The Grinch targets Jupyter this Christmas with a cloud cred harvesting campaign.
READ MORE
25 Oct 2022
AWS Enhancements to UpdateLoginProfile and CreateLoginProfile logging
Logging by cloud providers and identity providers sometimes does not contain the level of detail needed for detections. We found a case in AWS when a login profile is created or updated without the reset password flag set to true.
READ MORE
16 Sep 2022
Password spray enters the Okta-gon
Identity Providers (IDPs), like Okta have always been a juicy target for threat actors of all skill levels. Permiso identified a large Okta password spraying campaign that took place in late August.
READ MORE
29 Aug 2022
You down with IDP? Impersonate me!
Permiso Security and ACV Auctions, while collaborating on cloud detection efforts, discovered an impersonation technique in Okta application user assignments. This technique is being utilized for both benign and nefarious purposes.
READ MORE
15 Aug 2022
Achieving SOC 2 Type 1 Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud
We're excited to announce that Permiso is now SOC 2 Type I certified. This certification signifies that an independent third-party auditor has validated the design of our security program controls against an established set of Trust Service Principles.
READ MORE
Search
Choose Category