Blue Yonder SaaS giant breached by Termite ransomware gang

December 6, 2024 at 11:37AM The Termite ransomware gang has taken responsibility for the November breach affecting Blue Yonder, a software as a service (SaaS) provider. **Meeting Takeaways:** 1. **Incident Confirmation**: The Termite ransomware group has taken responsibility for the November breach involving Blue Yonder, a software as a service (SaaS) provider. 2. **Focus on … Read more

Microsoft Power Pages misconfigurations exposing sensitive data

November 15, 2024 at 01:39AM Misconfigured Microsoft Power Pages websites are exposing sensitive data of millions, including personal identifiable information (PII), due to lax access controls. Aaron Costello of AppOmni highlights significant leaks, such as one affecting 1.1 million NHS employees. Organizations must enhance security measures for external-facing sites to prevent data breaches. **Meeting Takeaways:** … Read more

CrowdStrike Spends to Boost Identity Threat Detection

November 12, 2024 at 03:39PM CrowdStrike has acquired Israeli startup Adaptive Shield for approximately $300 million to enhance its security posture management capabilities. This acquisition will strengthen its Falcon platform by integrating SaaS application monitoring, improving identity protection, and offering tools to manage and secure identities against increasingly common identity-based attacks. Completion is expected by … Read more

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

November 6, 2024 at 01:57PM The VEILDrive threat campaign leverages Microsoft services like Teams and SharePoint to distribute malware through spear-phishing. Discovered by Hunters in September 2024, the attack targeted a U.S. critical infrastructure, using compromised accounts and Quick Assist for remote access. This strategy complicates detection of the malware, which connects to adversary-controlled OneDrive. … Read more

5 SaaS Misconfigurations Leading to Major Fu*%@ Ups

November 1, 2024 at 07:33AM The article discusses key SaaS misconfigurations that pose security risks, including excessive help desk privileges, lack of MFA for super admins, unblocked legacy authentication, mismanaged super admin counts, and Google Groups view settings. It emphasizes the importance of continuous monitoring and fixing these issues to prevent data breaches and ensure … Read more

Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar

November 1, 2024 at 12:57AM A webinar will address the growing threat of advanced cyber attackers infiltrating identity systems in organizations, particularly focusing on tactics used by the LUCR-3 group. Led by Ian Ahl, it aims to equip cybersecurity professionals with strategies to enhance identity security and proactive defenses against data breaches. Registration is limited. … Read more

Grip Security Releases 2025 SaaS Security Risks Report

October 24, 2024 at 05:50PM Grip Security’s report, “2025 SaaS Security Risks,” reveals that 90% of SaaS applications remain unmanaged, posing significant risks for organizations. With a 40% increase in SaaS applications and rising usage of AI tools, the need for a collaborative, identity-driven security approach is critical to mitigate these vulnerabilities effectively. **Meeting Takeaways … Read more

Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks

October 23, 2024 at 06:36AM A significant portion of security practitioners lack awareness of their organization’s SaaS deployments, with only 15% centralizing SaaS security. This disconnect, paired with a culture that undervalues proactive security, leads to increased vulnerabilities. Establishing a security-first culture and implementing continuous monitoring are essential to mitigate risks associated with decentralized SaaS … Read more

Social Media Accounts: The Weak Link in Organizational SaaS Security

October 9, 2024 at 07:39AM Organizations often neglect social media account security, risking reputational damage and financial losses. With multiple access layers and stakeholders, proper governance is critical. Utilizing SaaS Security Posture Management (SSPM) tools can enhance oversight, mitigate risks, and ensure only authorized users engage on behalf of the brand. ### Meeting Takeaways – … Read more

Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data

September 18, 2024 at 01:42PM ServiceNow’s enterprise knowledge bases (KBs) continue to expose sensitive corporate data, despite last year’s security improvements. AppOmni’s research found 45% of instances leaked internal data due to outdated configurations and misconfigured access controls. ServiceNow acknowledged the issue and identified changes but encountered challenges protecting KBs due to internal and external … Read more