Data Analytics | Breaking Cybersecurity News | The Hacker News

Organizations now use an average of 112 SaaS applications —a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that's just one major SaaS provider. Imagine other unforeseen critical security risks: Each SaaS app has unique security configurations —making misconfigurations a top risk. Business-critical apps (CRM, finance, and collaboration tools) store vast amounts of sensitive data, making them prime targets for attackers. Shadow IT and third-party integrations introduce hidden vulnerabilities that often go unnoticed. Large and small third-party AI service providers (e.g. audio/video transcription service) may not comply with legal and regulatory requirements, or properly test and review code. Major SaaS providers also have thous...

Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware," the Microsoft Threat Intelligence team  said  in a series of posts on X (formerly Twitter). DanaBot , tracked by the tech giant as Storm-1044, is a multi-functional tool along the lines of Emotet, TrickBot, QakBot, and IcedID that's capable of acting as a stealer and a point of entry for next-stage payloads. UNC2198, for its part, has been previously observed infecting endpoints with IcedID to deploy ransomware families such as Maze and Egregor, as  detailed  by Google-owned Mandiant in February 2021. Per Microsoft, the threat actor has also taken advantage of initial access provided by QakBot infections. The shift to DanaBot, therefore, is likely the...