Tag: saas
-
UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk
A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, and visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/unc6395-and-the-salesloft-drift-attack-why-salesforce-oauth-integrations-are-a-growing-risk/
-
Attackers steal data from Salesforce instances via compromised AI live chat tool
What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
-
Workday Breach Breakdown: A Growing Trend of Breaches – Grip
The Workday breach highlights a rising wave of SaaS attacks. Learn why cyber threats spike in the second half of 2025 and how to stay ahead of the breach curve. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/workday-breach-breakdown-a-growing-trend-of-breaches-grip/
-
How AI is Changing the Game for SaaS Sales Teams
AI is transforming how SaaS companies find and convert customers. While traditional companies struggle with 32% conversion rates, AI-native firms hit 56%. Learn how automated GTM agents work 24/7 to spot prospects, track competitors, and optimize revenue”, with real results. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/how-ai-is-changing-the-game-for-saas-sales-teams/
-
How AI is Changing the Game for SaaS Sales Teams
AI is transforming how SaaS companies find and convert customers. While traditional companies struggle with 32% conversion rates, AI-native firms hit 56%. Learn how automated GTM agents work 24/7 to spot prospects, track competitors, and optimize revenue”, with real results. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/how-ai-is-changing-the-game-for-saas-sales-teams/
-
Cybercriminals Exploit Cheap VPS to Launch SaaS Hijacking Attacks
Darktrace researchers have discovered a new wave of attacks where cybercriminals use cheap Virtual Private Servers (VPS) to… First seen on hackread.com Jump to article: hackread.com/cybercriminals-exploit-cheap-vps-saas-hijack-attacks/
-
SaaS-Resilienz erfordert physisch getrennte und nicht veränderbare Speicherung
Keepit hat die Ergebnisse seiner Umfrage ‘Übersehen und ungeschützt: Wie die SaaS-Datenlücke die Resilienz bedroht” vorgestellt. Die Umfrage unter leitenden IT-Entscheidungsträgern ergab, dass 37 % der Befragten ausschließlich auf die nativen Backup-Funktionen ihrer SaaS-Anwendungen vertrauen und damit ein erhebliches Risiko für Datenverluste und Betriebsunterbrechungen eingehen. Unveränderbare, physisch getrennte Datenspeicherung wird als entscheidend angesehen, ebenso wie […]…
-
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts
Darktrace observed a coordinated campaign on customer SaaS accounts, all of which involved logins from IP addresses linked to VPS providers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-virtual-servers/
-
Lenovo-Chatbot-Lücke wirft Schlaglicht auf KI-Sicherheitsrisiken
Über eine Schwachstelle in Lenovos Chatbot für den Kundensupport ist es Forschern gelungen, Schadcode einzuschleusen.Der Chatbot ‘Lena” von Lenovo basiert auf GPT-4 von OpenAI und wird für den Kundensupport verwendet. Sicherheitsforscher von Cybernews fanden heraus, dass das KI-Tool anfällig für Cross-Site-Scripting-Angriffe (XSS) war. Die Experten haben eine Schwachstelle entdeckt, über die sie schädliche HTML-Inhalte generieren…
-
Why email security needs its EDR moment to move beyond prevention
Email security is stuck where antivirus was a decade ago”, focused only on prevention. Learn from Material Security why it’s time for an “EDR for email” mindset: visibility, post-compromise controls, and SaaS-wide protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-email-security-needs-its-edr-moment-to-move-beyond-prevention/
-
Lenovo chatbot breach highlights AI security blind spots in customer-facing systems
Enterprise-wide implications: While the immediate impact involved session cookie theft, the vulnerability’s implications extended far beyond data exfiltration.The researchers warned that the same vulnerability could enable attackers to alter support interfaces, deploy keyloggers, launch phishing attacks, and execute system commands that could install backdoors and enable lateral movement across network infrastructure.”Using the stolen support agent’s…
-
Backup in SaaS-Umgebungen in der Praxis
Die Datensicherung für Cloud- und Onpremises-Konzepte sollten effizient unter einer Plattform erfolgen und zudem unveränderlichen Speicher unterstützen. Ein mittelständisches Bauunternehmen gibt Einblicke, wie es diese Herausforderung für Microsoft-365 mit Arcserve innerhalb kurzer Zeit gemeistert hat. Traditionelle oder veraltete Backup-Lösungen können kaum noch den adäquaten Schutz für die Daten leisten weder hinsichtlich eines klassischen Ausfalls […]…
-
NIST’s attempts to secure AI yield many questions, no answers
Challenges to consider: The NIST report talked about various categories of AI integration that forced serious cybersecurity considerations, including: using genAI to create new content; fine-tuning predictive AI; using single AI agents as well multiple agents; and security controls for AI developers. The potentially most challenging element of securing AI in enterprises is visibility. But the…
-
Webinar: Why AI and SaaS are now the same attack surface
The lines between SaaS and AI are vanishing. AI agents are now first-class citizens in your SaaS universe: accessing sensitive data, triggering workflows, and introducing new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/19/vorlon-webinar-ai-and-saas-attack-surface/
-
Wie CISOs von der Blockchain profitieren
Tags: access, ai, api, blockchain, ciso, compliance, framework, governance, identity, LLM, network, saas, sbom, software, tool, zero-trustDie Blockchain macht Trust verifizierbar.Sicherheitsvorfälle gehen nicht nur auf eine Kompromittierung der internen Systeme zurück. Sie hängen regelmäßig auch damit zusammen, dass:Privileged-Access-Protokolle fehlen,SaaS-Audit-Trails nicht vertrauenswürdig sind, oderLieferketten kompromittiert werden.Die Blockchain kann dabei helfen, diese realen Probleme zu lösen und Manipulationssicherheit, Datenintegrität und Trust zu gewährleisten. Im Kern ist Blockchain ein System von Datensätzen, die über…
-
Workday warns of CRM breach after social engineers make off with business contact details
HR SaaS giant insists core systems untouched First seen on theregister.com Jump to article: www.theregister.com/2025/08/18/workday_crm_breach/
-
Claroty und Google Security Operations stärken gemeinsam die Sicherheit cyberphysischer Systeme
Der Spezialist für die Sicherheit von cyberphysischen Systemen (CPS), Claroty, und Google Security Operations schließen eine strategische Partnerschaft. Diese schließt die Lücke zwischen IT und Betriebstechnik (OT) und ermöglich Unternehmen eine verbesserte Bedrohungserkennung und -reaktion. Durch die Integration werden hochpräzise, kontextreiche Warnmeldungen und Schwachstellendaten aus der SaaS-basierten-Sicherheitslösung oder der lokalen Continuous.Threat-Detection (CTD) in […] First…
-
Claroty und Google Security Operations stärken gemeinsam die Sicherheit cyberphysischer Systeme
Der Spezialist für die Sicherheit von cyberphysischen Systemen (CPS), Claroty, und Google Security Operations schließen eine strategische Partnerschaft. Diese schließt die Lücke zwischen IT und Betriebstechnik (OT) und ermöglich Unternehmen eine verbesserte Bedrohungserkennung und -reaktion. Durch die Integration werden hochpräzise, kontextreiche Warnmeldungen und Schwachstellendaten aus der SaaS-basierten-Sicherheitslösung oder der lokalen Continuous.Threat-Detection (CTD) in […] First…
-
Claroty und Google Security Operations stärken gemeinsam die Sicherheit cyberphysischer Systeme
Der Spezialist für die Sicherheit von cyberphysischen Systemen (CPS), Claroty, und Google Security Operations schließen eine strategische Partnerschaft. Diese schließt die Lücke zwischen IT und Betriebstechnik (OT) und ermöglich Unternehmen eine verbesserte Bedrohungserkennung und -reaktion. Durch die Integration werden hochpräzise, kontextreiche Warnmeldungen und Schwachstellendaten aus der SaaS-basierten-Sicherheitslösung oder der lokalen Continuous.Threat-Detection (CTD) in […] First…
-
9 things CISOs need know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-dayNew groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases.However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
CSO hiring on the rise: How to land a top security exec role
Tags: access, ai, attack, breach, business, cio, ciso, cloud, compliance, cyber, cybersecurity, data, defense, finance, governance, government, healthcare, identity, incident, incident response, infrastructure, insurance, jobs, military, network, regulation, resilience, risk, saas, service, skills, software, strategy, technology, threat, trainingWide-scale AI adoption shaking up skills sought: In terms of the skills wanted of today’s CSO, Fuller agrees that AI is the game-changer.”Organizations are seeking cybersecurity leaders who combine technical depth, AI fluency, and strong interpersonal skills,” Fuller says. “AI literacy is now a baseline expectation, as CISOs must understand how to defend against AI-driven…
-
From legacy to SaaS: Why complexity is the enemy of enterprise security
In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/11/robert-buljevic-bridge-it-legacy-saas-security/
-
13 Produkt-Highlights der Black Hat USA
Tags: access, ai, api, application-security, business, chatgpt, cisco, cloud, compliance, credentials, crowdstrike, cybersecurity, data, detection, google, governance, Hardware, identity, leak, LLM, malware, marketplace, microsoft, monitoring, network, openai, phishing, risk, saas, service, soc, threat, tool, usa, vulnerability, zero-trustDas Mandalay Bay Convention Center wird zur Black Hat USA zum Cybersecurity-Hub 2025 lag der Fokus dabei insbesondere auf Agentic und Generative AI.Zur Black-Hat-Konferenz haben sich auch 2025 Tausende von Sicherheitsexperten in Las Vegas zusammengefunden, um sich über die neuesten Entwicklungen im Bereich Cybersecurity zu informieren und auszutauschen. Der thematische Fokus lag dabei in erster…
-
Black Hat 2025 Recap: A look at new offerings announced at the show
Tags: access, ai, api, application-security, automation, chatgpt, cisco, cloud, compliance, control, crowdstrike, dark-web, data, detection, google, governance, group, identity, intelligence, LLM, malware, microsoft, monitoring, network, openai, password, risk, saas, service, soc, software, threat, tool, vulnerability, zero-trustSnyk secures AI from inception: Snyk’s new platform capability, Secure at Inception, includes real-time security scanning that begins at the moment of code generation or execution. It offers visibility into generative AI, agentic, and model context protocol (MCP) components in software, and also features a new, experimental scanner for detecting AI-specific MCP vulnerabilities.Secure AI Inception…
-
How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments
CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments. The attack surface has exploded. Between multi-cloud deployments, remote endpoints, SaaS platforms, shadow IT, and legacy infrastructure, the perimeter has not only become unrecognizable; in many ways, it no longer exists. For security teams,…
-
News alert: SpyCloud’s AI-powered platform mimics veteran analysts, speeds threat detection
Austin, TX, Aug. 6, 2025, CyberNewswire: SpyCloud, the leader in identity threat protection, today announced a significant enhancement to its SaaS Investigations solution: the integration of advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investigators. Building on… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-spyclouds-ai-powered-platform-mimics-veteran-analysts-speeds-threat-detection/