‘A single entry point can rapidly expand to greater enterprise impacts’: Microsoft introduces changes to tackle ShinyHunters



  • ShinyHunters abused OAuth trust in Salesforce by tricking users and later compromising SaaS integrations, stealing tokens to access hundreds of customer environments
  • Reports suggested up to 700 victims; attackers exfiltrated data via legitimate APIs, making activity appear normal and persistent
  • Microsoft responded with Defender for Cloud Apps upgrades, adding richer telemetry, near‑real‑time detection, and stronger governance over OAuth‑connected applications

The ShinyHunters cybercrime group were so creative in breaking into corporate Salesforce environments that they forced Microsoft’s hand, making the company introduce new security upgrades just to address the attacks.

Microsoft has revealed it is focusing on improving visibility into OAuth-connected applications and strengthening governance over third-party integrations in Microsoft Defender for Cloud Apps. The changes fall into two main categories: Improved detection and investigation, and new posture and governance capabilities.

https://cdn.mos.cms.futurecdn.net/cAewSdXkrLEUsD8muVzGX9-1920-80.jpg



Source link

Latest articles

spot_imgspot_img

Related articles

Leave a reply

Please enter your comment!
Please enter your name here

spot_imgspot_img