#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

SaaS Security | Breaking Cybersecurity News | The Hacker News

Category — SaaS Security
State of SaaS Security Report: Bold Moves Required to Secure SaaS in 2024 and Beyond

State of SaaS Security Report: Bold Moves Required to Secure SaaS in 2024 and Beyond

Nov 12, 2024
The rapid adoption of SaaS solutions, accelerated by trends such as remote work, cloud computing, big data, and Generative AI (GenAI) has brought significant benefits to organizations. However, this transformation also introduces new attack surfaces and unique challenges for security teams, who must now consider how they can secure the intricate web of SaaS usage across their organization.  Today, the SaaS security landscape is characterized by several key themes and issues: Credential Theft and Stuffing: This trend is fueled by dark web marketplaces where breached credentials are bought, sold, and traded, making it easy for attackers to carry out credential stuffing attacks. Shadow SaaS: The explosion of unauthorized SaaS apps has led to a rise in employees inadvertently exposing sensitive data. Trial or demo accounts are a main source of shadow SaaS.  SaaS Sprawl: In 2023, the average number of SaaS apps used by a business reached 473. Our numbers indicate an increase ...
How Does Threat Intelligence Apply to SaaS Security? And Why You Should Care

How Does Threat Intelligence Apply to SaaS Security? And Why You Should Care

Sept 16, 2024
In just a few clicks, any SaaS app can turn into a company's go-to system for collaboration, record keeping, CRM, workflow organization, marketing, human resource management, and more. These apps can also act as footholds from which threat actors can pivot into corporate environments and steal critical data.  The rapid adoption of SaaS apps is outpacing the implementation of necessary security measures. The rise in attacks—such as account takeovers and credential leaks—highlights this gap. On the users' end, the responsibilities include taking a security-first approach to account configuration i.e., continuously monitoring for access risks and emerging threats to their data. But with so many users, so many apps and so much data, it's easier said than done.  What leaves companies exposed to data breaches and leaks is the lack of clarity, context, and prompt action. Security teams must make a massive effort to research threats, filter the relevant ones, assess the impact of p...
How Confident Are You That Your Critical SaaS Applications Are Secure? 

How Confident Are You That Your Critical SaaS Applications Are Secure? 

Sept 01, 2024
Software-as-a-service (SaaS) applications have become the backbone of many modern businesses. With the myriad of functionalities they offer, they maximize collaboration, agility, scalability, and ultimately, profits. So it's no wonder that companies rely on an incredible hundreds of apps today, up from dozens just a few years ago. But this rapid adoption has introduced brand-new vulnerabilities and elusive blind spots. 2024 saw many attacks originating from SaaS apps including those perpetrated by nation states . And the headlines about SaaS app attacks seem to be getting more ominous if that is even possible. The culprits behind the attacks come from outsiders, insiders, third parties, and even unintentional human errors or negligence. The need to address this snowballing trend has reached a critical point. Given the scale and speed of app development and adoption, we are creating a larger attack surface for increasingly capable adversaries every day. In such a high-stakes environm...
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

May 01, 2024
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments. In one of the  highest-profile examples , Pawn Storm's attacks against the Democratic National Convention and others leveraged OAuth to target victims through social engineering.  Security and IT teams would be wise to establish a practice of reviewing new and existing OAuth grants programmatically to catch risky activity or overly-permissive scopes. And, there are new solutions for  SaaS security  cropping up that can make this process easier. Let's take a look at some best practices for prioritizing and investigating your or...
Cybersecurity Resources