The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Adaptive Shield

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation

Manual vs. SSPM: Research on What Streamlines SaaS Security Detection & Remediation

June 23, 2022The Hacker News
When it comes to keeping SaaS stacks secure, IT and security teams need to be able to streamline the detection and remediation of misconfigurations in order to best protect their SaaS stack from threats. However, while companies adopt more and more apps, their increase in SaaS security tools and staff has lagged behind, as found in the  2022 SaaS Security Survey Report.  The survey report, completed by Adaptive Shield in conjunction with Cloud Security Alliance (CSA), dives into how CISOs today are managing the growing SaaS app attack surface and the steps they are taking to secure their organizations.  The report finds that at least 43% of organizations have experienced a security incident as a result of a SaaS misconfiguration; however, with another 20% being "unsure," the real number could be  as high as 63% . These numbers are particularly striking when compared to the 17% of organizations experiencing security incidents due to an IaaS misconfiguration.  Bearing this
7 Key Findings from the 2022 SaaS Security Survey Report

7 Key Findings from the 2022 SaaS Security Survey Report

May 19, 2022The Hacker News
The  2022 SaaS Security Survey Report,  in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today's enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security but also how different organizations are currently working to secure themselves. Demographics The majority (71%) of respondents were located in the Americas, another 17% from Asia, and 13% from EMEA. Of these participants 49% influence the decision-making process while 39% run the process itself. The survey examined organizations from a variety of industries, such as telecommunications (25%), finance (22%), and government (9%).  While there are many takeaways from the survey, these are our top seven.  1: SaaS Misconfigurations are Leading to Security Incidents Since 2019, SaaS misconfigurations have become a top concern for organizations, with at least 43% of organizations reporting
Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022

Into the Breach: Breaking Down 3 SaaS App Cyber Attacks in 2022

April 07, 2022The Hacker News
During the last week of March, three major tech companies - Microsoft, Okta, and HubSpot - reported significant data breaches. DEV-0537, also known as LAPSUS$, performed the first two. This highly sophisticated group utilizes state-of-the-art attack vectors to great success. Meanwhile, the group behind the HubSpot breach was not disclosed. This blog will review the three breaches based on publicly disclosed information and suggest best practices to minimize the risk of such attacks succeeding against your organization.  HubSpot - Employee Access On March 21, 2022,  HubSpot reported the breach  which happened on March 18. Malicious actors compromised a HubSpot employee account that the employee used for customer support. This allowed malicious actors the ability to access and export contact data using the employee's access to several HubSpot accounts.  With little information regarding this breach, defending against an attack is challenging, but a key configuration within HubSpo
How to Automate Offboarding to Keep Your Company Safe

How to Automate Offboarding to Keep Your Company Safe

March 03, 2022The Hacker News
In the midst of 'The Great Resignation,' the damage from employees (or contractors) leaving an organization might be one of the greatest risks facing IT teams today. The reality is that in the busy enterprise computing environment, user onboarding and offboarding is a fact of daily life.  When employee counts range into the five-figure territory — and entire networks of contractors have to be accounted for as well — it's easy to lose track of who's, literally, coming and going. Oftentimes, there are "offboarding" steps that are forgotten about — disabling or removing the user from Active Directory or IAM is not sufficient as the user may have local credentials on some of the SaaS platforms or other sensitive systems.  Technically speaking, there are ways to automate offboarding using protocols such as SCIM and JIT mapping; however, it requires a high level of maturity in an IT environment and the staff to implement it. For organizations not implementing SC
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.