July 17, 2024 at 07:06AM The 2024 Cloud & Data Security Summit begins today at 11AM ET in SecurityWeek’s virtual conference center. It will cover SaaS security trends, cyberattacks against cloud infrastructure, vendor patch management, data security posture management, and AI and LLM technologies. Sessions include discussions with industry experts and access to technical resources. … Read more
July 16, 2024 at 07:22AM SaaS applications face growing identity-based threats, with cybersecurity experts lacking the means to detect and respond effectively. The US CISA emphasizes that 90% of cyberattacks start with phishing, while stolen credentials, over-provisioned accounts, insider threats, and non-human identity hijacking further highlight identity as a top attack vector. Implementing Identity Threat … Read more
July 2, 2024 at 08:28PM Summary: Over 500 credentials were stolen from Snowflake environments, impacting at least 165 customers. The cybersecurity investigation labeled it an information-stealing malware incident, urging enhanced security measures. Experts advise collecting and analyzing account data, using a single sign-on provider, and limiting the blast radius of a breach to enhance security. … Read more
June 28, 2024 at 08:10AM Enterprises are struggling to secure their modern business infrastructure, specifically SaaS, as they continue to rely on outdated security programs. The shared responsibility model in SaaS requires customers to take ownership of components that are often targeted by threat actors, leading to growing SaaS attack activity. Implementing a true Zero … Read more
June 18, 2024 at 09:08AM The recent attacks on customer accounts hosted on the Snowflake data warehousing platform may indicate a shift towards targeting SaaS application environments by threat actors. A threat group, UNC3944, has broadened its focus to enterprise SaaS applications and uses tactics like ransomware attacks, credential phishing, social engineering, and creating new … Read more
June 18, 2024 at 07:30AM Organizations are increasingly prioritizing investment in SaaS security, with 70% establishing dedicated teams and boosting budgets and headcount, according to the Cloud Security Alliance’s “2025 CISO Plans and Priorities” survey. The report highlights improved security capabilities but also challenges in achieving visibility into business-critical apps. The adoption of SaaS Security … Read more
June 14, 2024 at 11:06AM Scattered Spider gang, also known as Octo Tempest, engages in social engineering attacks to steal data from SaaS apps. They use SMS phishing and SIM swapping for on-premise access. Their tactics expanded to cloud infrastructures without ransomware. They create new virtual machines, disable security protections, and exfiltrate data to cloud … Read more
June 13, 2024 at 07:48AM Financial cyber-attacks prompt tighter compliance regulations in the financial sector, with other industries expected to follow. Many companies lack efficient methods for managing SaaS security and compliance tasks. Free SaaS risk assessment tools offer incremental upgrades to help meet budget and security needs. Understanding financial sector cyber compliance is key … Read more
June 5, 2024 at 04:08PM The Cloud Security Alliance released the fourth Annual SaaS Security Survey Report, highlighting that 70% of organizations are prioritizing investment in SaaS security. It revealed the establishment of dedicated SaaS security teams and increased budgets. Despite challenges, companies investing in SaaS security are experiencing fewer security incidents, signaling a positive … Read more
June 4, 2024 at 08:13AM Summary: The browser security landscape has evolved, with traditional Browser Isolation now inadequate. A new report recommends a shift to Secure Browser Extensions due to the limitations of Browser Isolation, impact on productivity, and changing web-borne threats. Secure Browser Extensions offer improved performance, visibility, risk analysis, and granular enforcement, with … Read more