August 21, 2024 at 07:33AM SaaS applications have revolutionized operations but introduced security vulnerabilities. With the increasing complexity of interconnected SaaS apps, organizations struggle to monitor and secure access. Understanding app usage, permissions, and actions is crucial, along with implementing measures like multi-factor authentication and access monitoring to prevent breaches. Proactive security measures are essential … Read more
August 14, 2024 at 11:16AM Email attacks have dramatically increased, with Abnormal Security’s H1 2024 analysis showing a 50% rise from H2 2023. CISO Mike Britton discusses the limitations of Multi-Factor Authentication (MFA), reasons for email attacks’ popularity, and the potential impact of AI on phishing. The report also highlights the surge in file-sharing attacks … Read more
August 8, 2024 at 11:00AM AppOmni analyzed 230 billion SaaS audit log events, finding that most SaaS security incidents involve simple smash and grab incursions, with attackers using legitimate credentials for entry. The use of MITRE ATT&CK kill chain is minimal. AppOmni recommends implementing a full zero trust policy with effective MFA to prevent attacker … Read more
August 6, 2024 at 08:06AM The text discusses the challenges of insider threats in SaaS security and the importance of detecting and responding to these threats. It introduces the concept of Identity Threat Detection & Response (ITDR) and its role in monitoring and responding to suspicious behavior, emphasizing the need for a comprehensive SaaS security … Read more
July 17, 2024 at 07:06AM The 2024 Cloud & Data Security Summit begins today at 11AM ET in SecurityWeek’s virtual conference center. It will cover SaaS security trends, cyberattacks against cloud infrastructure, vendor patch management, data security posture management, and AI and LLM technologies. Sessions include discussions with industry experts and access to technical resources. … Read more
July 16, 2024 at 07:22AM SaaS applications face growing identity-based threats, with cybersecurity experts lacking the means to detect and respond effectively. The US CISA emphasizes that 90% of cyberattacks start with phishing, while stolen credentials, over-provisioned accounts, insider threats, and non-human identity hijacking further highlight identity as a top attack vector. Implementing Identity Threat … Read more
July 2, 2024 at 08:28PM Summary: Over 500 credentials were stolen from Snowflake environments, impacting at least 165 customers. The cybersecurity investigation labeled it an information-stealing malware incident, urging enhanced security measures. Experts advise collecting and analyzing account data, using a single sign-on provider, and limiting the blast radius of a breach to enhance security. … Read more
June 28, 2024 at 08:10AM Enterprises are struggling to secure their modern business infrastructure, specifically SaaS, as they continue to rely on outdated security programs. The shared responsibility model in SaaS requires customers to take ownership of components that are often targeted by threat actors, leading to growing SaaS attack activity. Implementing a true Zero … Read more
June 18, 2024 at 09:08AM The recent attacks on customer accounts hosted on the Snowflake data warehousing platform may indicate a shift towards targeting SaaS application environments by threat actors. A threat group, UNC3944, has broadened its focus to enterprise SaaS applications and uses tactics like ransomware attacks, credential phishing, social engineering, and creating new … Read more
June 18, 2024 at 07:30AM Organizations are increasingly prioritizing investment in SaaS security, with 70% establishing dedicated teams and boosting budgets and headcount, according to the Cloud Security Alliance’s “2025 CISO Plans and Priorities” survey. The report highlights improved security capabilities but also challenges in achieving visibility into business-critical apps. The adoption of SaaS Security … Read more