#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News

SaaS Security | Breaking Cybersecurity News | The Hacker News

Category — SaaS Security
How Confident Are You That Your Critical Saas Applications Are Secure? 

How Confident Are You That Your Critical Saas Applications Are Secure? 

Sept 01, 2024
Software-as-a-service (SaaS) applications have become the backbone of many modern businesses. With the myriad of functionalities they offer, they maximize collaboration, agility, scalability, and ultimately, profits. So it's no wonder that companies rely on an incredible hundreds of apps today, up from dozens just a few years ago. But this rapid adoption has introduced brand-new vulnerabilities and elusive blind spots. 2024 saw many attacks originating from SaaS apps including those perpetrated by nation states . And the headlines about SaaS app attacks seem to be getting more ominous if that is even possible. The culprits behind the attacks come from outsiders, insiders, third parties, and even unintentional human errors or negligence. The need to address this snowballing trend has reached a critical point. Given the scale and speed of app development and adoption, we are creating a larger attack surface for increasingly capable adversaries every day. In such a high-stakes environm
How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

May 01, 2024
From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving away unintended access to corporate environments. In one of the  highest-profile examples , Pawn Storm's attacks against the Democratic National Convention and others leveraged OAuth to target victims through social engineering.  Security and IT teams would be wise to establish a practice of reviewing new and existing OAuth grants programmatically to catch risky activity or overly-permissive scopes. And, there are new solutions for  SaaS security  cropping up that can make this process easier. Let's take a look at some best practices for prioritizing and investigating your organization's grants
Cybersecurity Resources
Expert Insights