Tag: saas
-
Vendor Risk in SaaS Supply Chains: 2025 Guide – Nudge Security
Why effective vendor risk management is a critical strategy for identifying, assessing, and mitigating risks within the SaaS supply chain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/vendor-risk-in-saas-supply-chains-2025-guide-nudge-security/
-
OAuth Tokens: The Danger Behind the Commvault Breach
Discover what went wrong in the Commvault breach: How AppOmni’s powerful SaaS security platform steps in to stop threats before they strike. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/oauth-tokens-the-danger-behind-the-commvault-breach/
-
Grip Security Launches ITDR 2.0 to Strengthen SaaS Identity Protection
First seen on scworld.com Jump to article: www.scworld.com/news/grip-security-launches-itdr-2-0-to-strengthen-saas-identity-protection
-
Announcing our Series A – Impart Security
Tags: ai, api, application-security, attack, ceo, ciso, cloud, cve, defense, detection, framework, healthcare, infrastructure, monitoring, risk, saas, technology, threat, tool, vulnerability, wafToday, we’re announcing our $12 million Series A led by Madrona. This funding represents more than capital”, it validates our solution to what I call the ‘last mile problem’ in application security. Here’s a scenario every security professional will recognize: Your team demos an impressive application security tool that catches sophisticated attacks in real-time. The…
-
Hackers Are Stealing Salesforce Data, Google Warns
By Christy Lynch This post summarizes the June 4, 2025 threat intelligence update from Google and offers additional recommendations from Reveal Security based on similar and recently observed attack patterns targeting SaaS applications and cloud infrastructure. Reveal Security monitors the overall cyber landscape for unique threats that can evade legacy detection methodologies. This UNC6040 campaign…
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Secure Browsers Boost Security Without Sacrificing Speed
Enterprise Browsers Provide Increased Visibility, Robust Access Control, Encryption In a world where 85% of work happens in the browser, it is the new enterprise front door – and attackers are knocking. Amid this changing dynamic, secure browsers can step in and prevent threats from unmanaged devices and SaaS sprawl, delivering enterprise-grade security without slowing…
-
Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era
Traditional data leakage prevention (DLP) tools aren’t keeping pace with the realities of how modern businesses use SaaS applications.Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks First…
-
Stay Ahead of Identity Threats with Grip ITDR 2.0 – Grip
Prevent, detect, and respond to identity threats across all SaaS with Grip’s ITDR 2.0 product. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/stay-ahead-of-identity-threats-with-grip-itdr-2-0-grip/
-
What Tackling the SaaS Security Problem Means to Me
By Kevin Hanes, CEO of Reveal Security When I reflect on the years I spent leading one of the world’s largest Security Operations Centers (SOCs) and incident response teams, the lessons learned aren’t just war stories”¦they’re a playbook for how we should rethink our responsibilities in the face of today’s fast-evolving attack surfaces. Back then,…
-
Growth Hacking 2.0: From Traditional SEO to AI-Powered Answer Engine Optimization
Growth hacking has evolved from viral loops and cold outreach to AI-powered Answer Engine Optimization (AEO). As Google launches AI search and businesses shift from traditional SEO to AEO, B2B SaaS must adapt their strategies to thrive in this new era of conversational search and AI discovery. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/growth-hacking-2-0-from-traditional-seo-to-ai-powered-answer-engine-optimization/
-
Posture ≠Protection
CSPM, DSPM, ASPM, SSPM, ESPM, the alphabet soup of Security Posture Management (SPM) tools promises visibility into risk. They map misconfigurations, surface exposure paths and highlight policy gaps. That can be useful. But let’s not confuse awareness with action. They don’t block threats.They don’t enforce controls.They don’t prevent breaches. SPMs detect, then delegate. A ticket.…
-
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerabilityIn healthcare, every minute of downtime isn’t just a technical problem”Š”, “Šit’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
-
What You Don’t Know About SaaS Can Violate HIPAA Compliance
Explore how SaaS identity risks impact HIPAA compliance and what the 2025 updates mean for MFA, app inventory, and third-party software controls. Read now. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/what-you-dont-know-about-saas-can-violate-hipaa-compliance/
-
Are You Using the Right ITDR Security Solution? – Grip
Learn how identity threats are evolving and what a modern ITDR security solution must deliver to prevent, detect, and resolve risks across SaaS environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/are-you-using-the-right-itdr-security-solution-grip/
-
A New Identity: Why SaaS May Be the Identity Risk No One’s Talking About
First seen on scworld.com Jump to article: www.scworld.com/analysis/a-new-identity-why-saas-may-be-the-identity-risk-no-ones-talking-about
-
Unternehmen unterschätzen Risiken von Datenverlust bei SaaS-Anwendungen
Jeden Tag verlagern Unternehmen kritische Prozesse in Cloud-basierte Software-as-a-Service (SaaS)-Anwendungen. Gleichzeitig richten Cyberkriminelle ihre Aktivitäten verstärkt auf Cloud-Dienste aus und gefährden damit Unternehmen, wobei SaaS-Anwendungen inzwischen zu den präferierten Zielen der Cyberkriminellen gehören. Im neuen E-Book zeigt Arcserve auf, dass laut Markterhebungen […] First seen on netzpalaver.de Jump to article: netzpalaver.de/2025/05/28/unternehmen-unterschaetzen-risiken-von-datenverlust-bei-saas-anwendungen/
-
If you use OneDrive to upload files to ChatGPT or Zoom, don’t
Tags: access, api, chatgpt, compliance, corporate, cybersecurity, data, google, governance, least-privilege, microsoft, mitigation, risk, saas, security-incident, service, strategy, threat, toolWeb app vendors aren’t off the hook: This could be bad news for security teams, according to Eric Schwake, director of cybersecurity strategy at Salt Security. “Sensitive secrets required for this access are often stored in an insecure manner by default,” Schwake said. “This situation presents a key API security challenge for security teams, and…
-
CISA Warns of Attacks Targeting Commvault SaaS Environment
A threat actor has gained access to Microsoft 365 environments of a small number of customers of Commvault’s Metallic service. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/cisa-warns-attacks-commvault-saas-environment
-
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
Tags: attack, backup, cisa, cloud, cyber, cybersecurity, exploit, infrastructure, microsoft, monitoring, saas, service, software, threatThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment.”Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure,” the agency said.”This First seen on thehackernews.com Jump to…
-
Suridata Buy Adds SaaS Posture Management to Fortinet SASE
Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security. By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies. First seen…
-
10 Proven Growth Strategies for B2B SaaS: Lessons from Business Classics Applications for AI Startups
Transform your B2B SaaS growth trajectory with 10 battle-tested strategies derived from business classics and proven by market leaders. Learn how these frameworks can be specifically adapted for AI startups, with actionable tactics that drive sustainable revenue growth in competitive landscape. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/10-proven-growth-strategies-for-b2b-saas-lessons-from-business-classics-applications-for-ai-startups/
-
Samlify bug lets attackers bypass single sign-on
SAML authenticators should update to patched versions: The flaw has been addressed through patches in samlify versions 2.10.0 and later.Researchers have recommended that systems using SAML authentication must update to a fixed version and ensure “secure SSO flows: implement HTTPS and avoid untrusted sources for SAML flows.”SAML-powered SSO supports a range of use cases: enterprise…
-
SaaS Security Made Simple: Build Your Case, Choose Your Vendor, and Protect Your Data
Cut through SaaS security complexity. Discover how to protect data, avoid costly missteps, and evaluate the right tools”, plus get a free ebook with practical templates and checklists. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/saas-security-made-simple-build-your-case-choose-your-vendor-and-protect-your-data-2/
-
SaaS, Digital Transformation and, of Course, Cybersecurity Drive M&A
First seen on scworld.com Jump to article: www.scworld.com/news/saas-digital-transformation-and-of-course-cybersecurity-drive-ma
-
Let’s Talk About SaaS Risk Again”¦ This Time, Louder.
By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…