#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

SSPM | Breaking Cybersecurity News | The Hacker News

Category — SSPM
Suspicious Minds: Insider Threats in The SaaS World

Suspicious Minds: Insider Threats in The SaaS World

Aug 06, 2024 SaaS Security / Threat Detection
Everyone loves the double-agent plot twist in a spy movie, but it's a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research , 26% of companies who reported a SaaS security incident were struck by an insider.  The challenge for many is detecting those threats before they lead to full breaches. Many security professionals assume there is nothing they can do to protect themselves from a legitimate managed user who logs in with valid credentials using a company MFA method. Insiders can log in during regular business hours, and can easily justify their access within the application.  Cue the plot twist: With the right tools in place, businesses can protect themselves from the enemy from within (and without).  Learn how to secure your entire SaaS stack from both internal and external threats Subduing Identity-Centric Threats with ITDR  In SaaS security, an Identity Threat Detect
Unpacking 2024's SaaS Threat Predictions

Unpacking 2024's SaaS Threat Predictions

Jun 05, 2024 SaaS Security / Artificial Intelligence
Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens
The New Effective Way to Prevent Account Takeovers

The New Effective Way to Prevent Account Takeovers

Sep 04, 2024SaaS Security / Browser Security
Account takeover attacks have emerged as one of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investments in traditional security measures, many organizations continue to struggle with preventing these attacks. A new report, " Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them " argues that the browser is the primary battleground where account takeover attacks unfold and, thus, where they should be neutralized. The report also provides effective guidance for mitigating the account takeover risk.  Below are some of the key points raised in the report: The Role of the Browser in Account Takeovers According to the report, the SaaS kill chain takes advantage of the fundamental components that are contained within the browser. For account takeover, these include: Executed Web Pages - Attackers can create phishing login pages or use MiTM over legitimate web pages to harve
Top 5 Marketing Tech SaaS Security Challenges

Top 5 Marketing Tech SaaS Security Challenges

Nov 13, 2023 SaaS Security / Cyber Threat
Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.  These apps serve as the digital command centers for marketing professionals. They house essential go-to-market strategies, and are often connected to live payment systems authorized to spend substantial budgets. Ensuring their security is a complex task, given the multitude of applications, application owners, configurations within each app, users, interconnected apps and more. In this article, we explore the top Marketing SaaS application use cases, from external users and publicly shared links to connected apps and credit cards — and how to ensure the security and integrity of the data stored within them. 1 . External Users Marketing departments frequently grant
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Why Telecoms Struggle with SaaS Security

Why Telecoms Struggle with SaaS Security

May 02, 2023 SaaS Security
The telecom industry has always been a tantalizing target for cybercriminals. The combination of interconnected networks, customer data, and sensitive information allows cybercriminals to inflict maximum damage through minimal effort. It's the breaches in telecom companies that tend to have a seismic impact and far-reaching implications — in addition to reputational damage, which can be difficult to measure, telecoms are often at the receiving end of government fines for their cybersecurity and privacy failures. There are few industries in the world that collect as much sensitive data as telecom companies. In recent years, telecom companies have accelerated their digital transformation, shedding legacy systems and reducing costs. These changes, coupled with the need for stronger collaboration with third-party vendors, have led them to SaaS applications to handle their CRM. Today, telecoms are using SaaS apps for billing, HR, call management, field operations management, tracking ca
Uncovering (and Understanding) the Hidden Risks of SaaS Apps

Uncovering (and Understanding) the Hidden Risks of SaaS Apps

Apr 19, 2023 SaaS Security
Recent data breaches across CircleCI, LastPass, and Okta underscore a common theme: The enterprise SaaS stacks connected to these industry-leading apps can be at serious risk for compromise. CircleCI, for example, plays an integral, SaaS-to-SaaS role for SaaS app development. Similarly, tens of thousands of organizations rely on Okta and LastPass security roles for SaaS identity and access management. Enterprise and niche SaaS apps alike have effectively introduced multitudes of unmonitored endpoints into organizations of all sizes.  While  spending for SaaS security  is trending up, it lags behind categories such as cloud infrastructure protection and network security. According to Statista, the average organization employs 100+ SaaS apps, many of which are unsanctioned by IT, creating a glaring gap in SaaS security.  Why Users Flock to SaaS Apps — And Often Bypass IT in the Process As productivity tools for tasks such as marketing automation, document signature, and sales foreca
Expert Insights / Articles Videos
Cybersecurity Resources