Dropbox Breach Exposes Customer Credentials, Authentication Data

May 2, 2024 at 02:36PM Dropbox alerts customers of a data breach in its cloud-based service, exposing customer credentials and authentication data. Unauthorized access to the Dropbox Sign production environment compromised customer database, exposing emails, usernames, and hashed passwords. Dropbox took immediate mitigation steps, including password resets and restricting certain functionalities, while continuing to investigate … Read more

DropBox says hackers stole customer data, auth secrets from eSignature service

May 1, 2024 at 06:24PM Hackers breached Dropbox Sign’s production systems, accessing authentication tokens, MFA keys, hashed passwords, and customer data. The company detected unauthorized access on April 24 and found that threat actors gained access to an automated system configuration tool, allowing them to access the customer database. Dropbox reset all users’ passwords and … Read more

Sisense Password Breach Triggers ‘Ominous’ CISA Warning

April 11, 2024 at 06:19PM The US federal government warned customers of Sisense, a business analytics platform, about a password compromise. The Cybersecurity and Infrastructure Security Agency advised users to reset credentials and passwords for sensitive data. The platform, which serves over 2,000 companies, including Air Canada and Nasdaq, is an attractive target for supply … Read more

Join Our Webinar on Protecting Human and Non-Human Identities in SaaS Platforms

March 13, 2024 at 07:03AM Cybercriminals are increasingly targeting identities within SaaS applications, including human and non-human accounts, leading to data breaches and financial losses. While measures like multi-factor authentication protect human identities, safeguarding non-human identities requires advanced tactics like monitoring tools and automated security checks. Join the webinar to learn about defending SaaS environments … Read more

Secrets Sensei: Conquering Secrets Management Challenges

March 8, 2024 at 06:09AM In the cybersecurity realm, secrets management is essential in safeguarding sensitive data. This involves avoiding common mistakes such as hard coding secrets, inadequate key rotation, public storage, and over-provisioning of privileges. Additional pitfalls include improper lifecycle management, lack of audit trails, and failure to encrypt Kubernetes secrets. Strategies for remedying … Read more

GitHub enables push protection by default to stop secrets leak

February 29, 2024 at 01:59PM GitHub has introduced push protection by default for all public repositories, preventing accidental exposure of secrets like access tokens and API keys during code pushes. The feature scans for over 200 token types and patterns from 180+ providers and allows users to remove or bypass detected secrets. Push protection is … Read more

Sumo Logic wrestles with security breach, pins down customer data

November 21, 2023 at 11:38AM Sumo Logic has confirmed that no customer data was compromised in a potential security breach. The company discovered unauthorized access to one of its AWS accounts but quickly secured the infrastructure and rotated customer credentials as a precaution. Sumo Logic will undertake further evaluation to prevent future incidents. Key takeaways … Read more

Sumo Logic discloses security breach, advises API key resets

November 8, 2023 at 01:31PM Security and data analytics company, Sumo Logic, disclosed a security breach after its AWS account was compromised. The breach was discovered on November 3rd when an attacker used stolen credentials to gain access. Customer data remains encrypted, and Sumo Logic has implemented extra security measures and advised customers to rotate … Read more