To Map Shadow IT, Follow Citizen Developers

November 19, 2024 at 06:35AM
Shadow IT arises when employees use unapproved software to enhance productivity, bypassing cumbersome processes and security mechanisms. This trend persists even in small startups and can be exacerbated by no-code/low-code tools, which can create custom applications that interact with unauthorized systems, posing security risks while potentially enhancing visibility for IT …

Microsoft Power Pages Leak Millions of Private Records

November 14, 2024 at 08:09AM
Misconfigured access controls in Microsoft Power Pages are exposing millions of sensitive records online, as many sites fail to implement necessary security measures. This widespread issue affects various industries, allowing unauthorized access to personal data, including that of 1.1 million NHS employees. Awareness exists, but negligence persists among developers. …

Comprehensive Guide to Building a Strong Browser Security Program

November 13, 2024 at 07:15AM
The rise of SaaS and cloud environments has increased cybersecurity threats, particularly through browsers. LayerX released a guide, “Kickstarting Your Browser Security Program,” outlining steps for implementing browser security, including threat mapping, stakeholder collaboration, and gradual rollouts. Successful programs adapt to evolving risks, focusing on data protection and credential safety. …

CrowdStrike to Acquire Adaptive Shield in Reported $300 Million Deal

November 6, 2024 at 08:36AM
CrowdStrike is acquiring Israeli SaaS security company Adaptive Shield for approximately $300 million. This acquisition aims to enhance the capabilities of its Falcon cybersecurity platform.

**Meeting Takeaways:**
1. **Acquisition Announcement**: CrowdStrike is acquiring Adaptive Shield, an Israeli SaaS security firm.
2. **Purpose of Acquisition**: The acquisition aims to enhance the …

LottieFiles supply chain attack exposes users to malicious crypto wallet drainer

October 31, 2024 at 08:05AM
LottieFiles faced a security breach after a developer account was compromised, leading to malicious code being pushed to users, potentially draining their crypto wallets. The company released a safe version (2.0.8) and assured users that their other services were unaffected. Outside security experts were involved in resolving the incident. …

LottieFiles hit in npm supply chain attack targeting users’ crypto

October 31, 2024 at 05:05AM
LottieFiles reported malicious code in npm package versions 2.0.5, 2.0.6, and 2.0.7 that prompted users to connect cryptocurrency wallets. The company released version 2.0.8 to remedy the issue and advised users to upgrade. The malicious activity affected no other services or repositories, while investigations continue into the breach’s impact. …

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

October 23, 2024 at 09:55AM
Identity security is increasingly critical due to recent breaches involving major companies. A Permiso report reveals 45% of organizations are concerned about their tools’ effectiveness. Human identities, often seen as riskier, lead to impersonation attacks and data breaches. A unified approach is needed to enhance identity security across environments. …

How to Investigate ChatGPT activity in Google Workspace

September 17, 2024 at 07:33AM
OpenAI introduced improvements to data analysis in ChatGPT, allowing users to integrate with Google Drive and Microsoft OneDrive. However, this deep integration raises cybersecurity challenges. The post advises how to monitor and manage these connections in Google Workspace and recommends Nudge Security for discovering and managing all genAI integrations to …

Fortinet Confirms Customer Data Breach via Third Party

September 13, 2024 at 03:56PM
Fortinet confirms data compromise by hacker “Fortibitch” leaking 440GB of data via BreachForums. The breach impacted less than 0.3% of its customers worldwide. CloudSEK observed leaked customer, financial, and HR data. Incident highlights cloud data exposure risks. Experts suggest rethinking cloud security with multifactor authentication, monitoring, and encryption. The incident …

Non-Human IAM Provider Aembit Raises $25 Million

September 12, 2024 at 09:36AM
Aembit, a non-human identity and access management (IAM) provider, has raised $25 million in a Series A funding round, bringing the total raised to $45 million. The startup, founded in 2021, aims to solve the challenge of access between distributed applications and SaaS services. Aembit’s solution provides policy-based access management …