#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Search results for Security | Breaking Cybersecurity News | The Hacker News

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Jun 18, 2024 SaaS Security
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations drastically increased investment in SaaS security. In fact, the survey found, enterprises added headcount to SaaS security in 2023, increasing SaaS security staff by 56%, as well as increasing budgets by 39%. Figure 1: How investment in SaaS security has shifted from 2022 to 2023 The fourth annual SaaS security survey , "2025 CISO Plans and Priorities," was conducted by the CSA and commissioned by SaaS security leader Adaptive Shield . A total of 478 global security professionals participated in the survey, across all verticals. The survey shares their perspective on SaaS security successes and challenges as CISOs prepare t
Application Security vs. API Security: What is the difference?

Application Security vs. API Security: What is the difference?

Feb 28, 2023 Security Platform / API Security
As digital transformation takes hold and businesses become increasingly reliant on digital services, it has become more important than ever to secure applications and APIs (Application Programming Interfaces). With that said, application security and API security are two critical components of a comprehensive security strategy. By utilizing these practices, organizations can protect themselves from malicious attacks and security threats, and most importantly, ensure their data remains secure. Interestingly enough, despite the clear advantages these disciplines provide, businesses are struggling to understand which security approach is best for their needs. So in this article, we'll discuss the differences between application and API security, best practices that you should consider, and ultimately make the case for why you need both.  What is Application Security Application security, better known as AppSec, is a critical aspect of any organization's cybersecurity strategy.
How to Investigate ChatGPT activity in Google Workspace

How to Investigate ChatGPT activity in Google Workspace

Sep 17, 2024GenAI Security / SaaS Security
When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see ChatGPT activity natively in the Google Workspace admin console, and how Nudge Security can provide full visibility into all genAI integrations. Since launching ChatGPT in 2022, OpenAI has defied expectations with a steady stream of product announcements and enhancements. One such announcement came on May 16, 2024, and for most consumers, it probably felt innocuous. Titled  "Improvements to data analysis in ChatGPT," the post outlines how users can add files directly from Google Drive and Microsoft OneDrive. It's worth mentioning that other genAI tools like Google AI Studio and Claude Enterprise have also added similar capabilities recently. Pretty great, right? Maybe.‍ When you connec
DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

May 24, 2024 DevSecOps / Vulnerability Management
Introduction The Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers ( CISOs ). These attacks highlighted the importance of collaboration between CISOs and DevOps teams to ensure proper cloud security configurations. In this article, we will outline the 6-step approach to fostering strong partnerships between CISOs, DevOps teams, IT management, and organizations that can help to drive innovation while maintaining a robust security posture. You will learn how a CISO can effectively communicate with IT leadership and what methods to try. Our narrative will emphasize the most crucial aspect of an organization's security - growing your strong security team and moving to a proactive approach.  Understanding such breaches, such as the Capital One data breach (2019), Epsilon data breach (2019), Magecart compromises (ongoing), and MongoDB breaches (2
cyber security

DevOps Security Best Practices

websiteWizDevOps / Secure Coding
Develop securely from code to cloud with this DevOps Security Cheat Sheet from Wiz. Take a deep dive into secure coding, infrastructure security, and vigilant monitoring and response.
6 Types of Applications Security Testing You Must Know About

6 Types of Applications Security Testing You Must Know About

Jul 25, 2024 AppSec / Penetration Testing
Application security testing is a critical component of modern software development, ensuring that applications are robust and resilient against malicious attacks. As cyber threats continue to evolve in complexity and frequency, the need to integrate comprehensive security measures throughout the SDLC has never been more essential. Traditional pentesting provides a crucial snapshot of an application's security posture, but when integrated across the SDLC, it allows for early detection and mitigation of vulnerabilities, reducing the risk of costly post-deployment fixes and enhancing overall security.  While the specifics for security testing vary for applications, web applications, and APIs, a holistic and proactive applications security strategy is essential for all three types. There are six core types of testing that every security professional should know about to secure their applications, regardless of what phase they are in in development or deployment.  In this article, w
Our journey to API security at Raiffeisen Bank International

Our journey to API security at Raiffeisen Bank International

Nov 04, 2021
This article was written by Peter Gerdenitsch, Group CISO at Raiffeisen Bank International, and is based on a presentation given during Imvision's Executive Education Program, a series of events focused on how enterprises are taking charge of the API security lifecycle. Launching the "Security in Agile" program Headquartered in Vienna, Raiffeisen Bank International (RBI) operates across 14 countries in Central and Eastern Europe with around 45,000 employees. Our focus is on providing universal banking solutions to customers, as well as developing digital banking products for the retail and corporate markets. Accordingly, RBI has a substantial R&D division, making for a very large community of IT and engineering professionals all over Europe. Back in 2019, we began shifting to a product-led agile setup for RBI, introducing various security roles contributing and collaborating to achieve our strategic goals. As part of this journey, we established the security champ
New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021

New SaaS Security Report Dives into the Concerns and Plans of CISOs in 2021

Jul 09, 2021
For years, security professionals have recognized the need to enhance SaaS security. However, the exponential adoption of Software-as-a-Service (SaaS) applications over 2020 turned slow-burning embers into a raging fire.  Organizations manage anywhere from thirty-five to more than a hundred applications. From collaboration tools like Slack and Microsoft Teams to mission-critical applications like SAP and Salesforce, SaaS applications act as the foundation of the modern enterprise. 2020 created an urgent need for security solutions that mitigate SaaS misconfiguration risks. Recognizing the importance of SaaS security, Gartner named a new category, SaaS Security Posture Management (SSPM), to distinguish solutions that have the capabilities to offer a continuous assessment of security risks arising from a SaaS application's deployment.  To understand how security teams are currently dealing with their SaaS security posture and what their main concerns are, Adaptive Shield, a leading S
Who Has Control: The SaaS App Admin Paradox

Who Has Control: The SaaS App Admin Paradox

Aug 04, 2022
Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login.  This CRM, however, defines MFA as a top-tier security setting; for example, Salesforce has a "High Assurance Login Value" configuration and immediately locks out all users as a safety precaution. The entire organization hits a standstill and is frustrated and confused.  Deeply concerning, this is not a one-off event, admins for business-critical SaaS apps often sit outside the security department and have profound control. Untrained and not focused on security measures, these admins are working towards their departmental KPIs. For instance, Hubspot is usually owned by the marketing department, likewise, Salesforce is often owned by the business dep
Expert Insights / Articles Videos
Cybersecurity Resources