Rolling-your-own SaaS discovery
We’ve compiled some methods for discovering SaaS. Lets explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.
How to find a malicious OAuth app on Microsoft 365
How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.
Investigating user delegated OAuth tokens in Google Workspace - a ride along
Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it.
Consent phishing: the emerging phishing technique that can bypass 2FA
Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.
Case study: Business Email Compromise (BEC) attack nearly cost us millions
A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.
Email security: How hackers use mail rules to access your inbox
After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.
Should you disable external email auto-forwarding?
External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.
Push Security’s early access preview is live! 🚀
We built Push to help small and medium-sized organisations get security done, in the easiest, lowest friction way possible.