September 10, 2024 at 07:39AM Shadow apps, a subset of Shadow IT, are SaaS applications procured without the security team’s knowledge. They may lack essential security measures and compliance standards, posing risks such as data leaks and regulatory violations. Standalone and integrated shadow apps both expand the company’s attack surface. SaaS Security Posture Management (SSPM) … Read more
September 9, 2024 at 06:45AM Wing Security’s SaaS Pulse offers organizations free continuous oversight into SaaS security, addressing evolving risks through real-time insights, threat intelligence, and risk prioritization. The tool aims to prevent unnoticed vulnerabilities by providing ongoing monitoring and actionable data, thereby avoiding expensive breaches and data leaks. Learn more at https://wing.security/. From the … Read more
September 4, 2024 at 06:22PM Palo Alto Networks spends $500 million to acquire IBM’s QRadar SaaS service, aiming for a customer share. IBM assures a seamless migration to PAN’s Cortex system for eligible customers. The partnership will focus on advanced threat protection, response, and security operations using Cortex XSIAM and watsonx. IBM will continue investing … Read more
September 4, 2024 at 07:19AM The report “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” emphasizes the threat of account takeover attacks in SaaS environments and the role of the browser in neutralizing them. It highlights tactics used in account takeovers and recommends a browser security … Read more
August 16, 2024 at 07:40AM SaaS applications offer convenience and efficiency but come with security risks, making due diligence essential. AppOmni offers the Due Diligence Questionnaire (DDQ) and SaaS Event Maturity Matrix (EMM) to simplify the process and enhance security measures. These resources facilitate identifying and addressing security gaps, streamlining the due diligence process and … Read more
July 15, 2024 at 07:09AM A threat actor, known as CRYSTALRAY, has expanded its operations and infected over 1,500 victims using open-source security tools. Their primary objectives include harvesting and selling credentials, deploying cryptocurrency miners, and maintaining persistence in victim environments. Various methods, including tool abuse and credential discovery, are employed, posing serious security risks. … Read more
June 6, 2024 at 09:32AM The Boston Red Sox are making comprehensive cybersecurity efforts by adopting a software-as-a-service model and embracing IoT at Fenway Park. Despite limited resources, support from Major League Baseball helps the team punch above its weight in cyber defense. Their security apparatus is dynamic and constantly evolving to protect IP, ensure … Read more
June 5, 2024 at 07:54AM Wing Security’s 2024 SaaS Security Report identified emergent threats and best practices for SaaS security. The report’s predictions have already manifested halfway through the year. Breach frequency is rising, demanding timelier threat alerts. Notably, Shadow AI, Supply Chain, Credential Access, and MFA Bypassing threats were outlined, all combatable with Automated … Read more
May 28, 2024 at 08:51AM Hg, a UK-based private equity company, has acquired AuditBoard for over $3 billion and invested $111 million in it. AuditBoard offers a platform for streamlining audits, compliance, risk detection, and ESG monitoring, with a claimed annual recurring revenue exceeding $200 million and over 2,000 customers. The acquisition reflects a long-term … Read more
May 22, 2024 at 06:49AM The Ultimate SaaS Security Posture Management (SSPM) Checklist, updated for 2025, addresses the growing challenge of securing the corporate SaaS sprawl. It emphasizes the need for a comprehensive SSPM solution covering misconfiguration management, identity security, permissions management, device-to-SaaS relationship, GenAI security posture, data leakage protection, and threat detection & response … Read more