SaaS Security | Breaking Cybersecurity News | The Hacker News

Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more. A new report, Understanding SaaS Security Risks: Why CASB Solutions Fail to Cover 'Shadow' SaaS and SaaS Governance , highlighting the pressing security challenges faced by enterprises using SaaS applications. The research underscores the growing inefficacy of traditional CASB solutions and introduces a revolutionary browser-based approach to SaaS security that ensures full visibility and real-time protection against threats. Below, we bring the main highlights of the report. Read the full report here . Why Enterprises Need SaaS Security - The Risks of SaaS SaaS applications have become the backbone of modern enterprises, but security teams ...

Organizations now use an average of 112 SaaS applications —a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment. And that's just one major SaaS provider. Imagine other unforeseen critical security risks: Each SaaS app has unique security configurations —making misconfigurations a top risk. Business-critical apps (CRM, finance, and collaboration tools) store vast amounts of sensitive data, making them prime targets for attackers. Shadow IT and third-party integrations introduce hidden vulnerabilities that often go unnoticed. Large and small third-party AI service providers (e.g. audio/video transcription service) may not comply with legal and regulatory requirements, or properly test and review code. Major SaaS providers also have thous...

Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model , exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity measures.  The Essence of Shared Responsibility  Think of cloud security like a well-maintained building: the property manager handles structural integrity and common areas, while tenants secure their individual units. Similarly, the shared responsibility model creates a clear division of security duties between cloud providers and their users. This partnership approach ensures comprehensive protection through clearly defined roles and responsibilities.  What Your Cloud Provider Handles  Microsoft maintains comprehensive responsibility for securing the foundational eleme...

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small. The question is, what can security teams do about it? Have no fear, because Identity Threat Detection and Response (ITDR) is here to save the day. It's essential to have the visibility and response mechanisms to stop attacks before they become breaches. Here's the super lineup that every team needs to stop SaaS identity threats. #1 Full coverage: cover every angle  Like Cap's shield, this defense should cover every angle. Traditional threat detection tools such as XDRs and EDRs fail to cover SaaS applications and leave organizations vulnerable. SaaS identity threat detection and re...

While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. While Okta provides robust native security features and recommended best practices, maintaining proper security controls requires constant vigilance. Configuration drift, identity sprawl, and misconfigurations can provide attackers a way into Okta and other apps if left unchecked. This article covers four key ways Nudge Security can help you proactively secure Okta as part of your efforts to harden your identity security posture. 1. Continuous Configuration ...

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has become more critical than ever, organizations find themselves caught in a difficult balancing act. They are struggling to manage the rising costs and complexities of business continuity and disaster recovery (BCDR) while ensuring that their business-critical data remains secure and recoverable. To help IT teams and managed service providers (MSPs) understand how their peers are navigating these challenges, the State of Backup and Recovery Report 2025 has gathered insights from more than 3,000 IT professionals, security experts and administrators worldwide. The report reveals how businesses are tackl...

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different security tools, hoping that multiple layers of protection will keep them safe.  But in reality, this patchwork approach often creates blind spots, making it harder—not easier—to defend against threats. To truly secure Google Workspace, businesses need a unified security strategy that offers complete protection without unnecessary complexity. The problem with most security solutions is that they only solve part of the puzzle. Point solutions, like tools that block malware or phishing attacks, might work well for a specific type of threat but fail to recognize suspicious user behavior, unauthori...

The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity —the gateway to enterprise security and the number one attack vector for bad actors. Explore the importance of modernizing Identity strategies and the benefits of centralizing Identity within your security ecosystem to safeguard your organization from costly breaches while enhancing operational efficiency. The rise of fragmented tech stacks Gone are the days when enterprises relied on a single solution tied to a comprehensive license agreement. Businesses today prioritize agility and performance, opting for "best-in-breed" solutions that patch together fragmented tech ecosystems. While these advanced tech stacks provide flexibility, they also create signif...

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches . But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal's weapon of choice in 2024 Stolen credentials were the #1 attacker action in 2023/24 , and the breach vector for 80% of web app attacks. Not surprising when you consider the fact that billions of leaked credentials are in circulation online, and attackers can pick up the latest drop for as little as $10 on criminal forums.  The criminal marketplace for stolen credentials is benefitting from the publicity of high-profile breaches in 2024 such as the attacks on Snowflake customers using credentials found in data breach dumps and compromised credential feeds from infostealer and mass phishing campaigns, r...

Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce. The " Enterprise GenAI Data Security Report 2025 " by LayerX delivers unprecedented insights into the practical application of AI tools in the workplace, while highlighting critical vulnerabilities. Drawing on real-world telemetry from LayerX's enterprise clients, this report is one of the few reliable sources that details actual employee use of GenAI. For instance, it reveals that nearly 90% of enterprise AI usage occurs outside the visibility of IT, exposing organizations to significant risks such as data leakage and unauthorized access. Below we bring some of the report's key findings. Read the full report to refine and enhance your security strategies, leverage data...

Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this prominence has made it a prime target for cybercriminals who seek access to valuable corporate identities, applications, and sensitive data. Recently, Okta warned its customers of an increase in phishing social engineering attempts to impersonate Okta support personnel. Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with how continuous monitoring of your Okta security posture helps you avoid miscon...