Collecting Cyber-News from over 60 sources

Tag: saas

Datenpanne bei Palo Alto Networks, Zscaler und Cloudflare

Sep 4, 2025 5:20 PM

Tags: access, ai, api, ciso, cyber, cyberattack, data-breach, endpoint, framework, group, mail, network, phishing, risk, saas, smishing, social-engineering, software, strategy, supply-chain, tool, zero-trust

Auch IT-Unternehmen, selbst im Bereich Cyber-Security sind nicht vor erfolgreichen Cyber-Attacken gefeit.Palo Alto Networks, ZScaler und Cloudflare haben bekannt gegeben, dass sie von einem Cyberangriff über Salesloft Drift getroffen wurden. Hierbei handelt es sich um eine Drittanbieteranwendung, die Vertriebsabläufe automatisiert. Sie ist in Salesforce-Datenbanken integriert ist, um Leads und Kontaktinformationen zu verwalten. Im Statement von…
Microsoft Backs Sola’s $35M Push Into Autonomous AI Security

Sep 4, 2025 2:20 PM

Tags: ai, cloud, identity, microsoft, saas, startup

Series A Fuels Deeper AI, Expanded Integrations and Product-Led Growth Adoption. Backed by S32 and Microsoft, Sola Security secured $35 million to advance its autonomous AI engine. The Israeli startup aims to shift from reactive prompts to proactive agent-based systems that solve security tasks across SaaS, cloud and identity domains. First seen on govinfosecurity.com Jump…
Salesloft Drift Breach: 7 Steps to Protect Your Organization

Sep 3, 2025 8:20 PM

Tags: breach, risk, saas

The Salesloft Drift breach is expanding fast. Learn what’s at risk and the 7 critical steps security teams should take to protect their SaaS ecosystem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/salesloft-drift-breach-7-steps-to-protect-your-organization/
SaaS giant Workiva discloses data breach after Salesforce attack

Sep 3, 2025 7:20 PM

Tags: access, attack, breach, cloud, data, data-breach, saas

Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/saas-giant-workiva-discloses-data-breach-after-salesforce-attack/
A CISO’s guide to monitoring the dark web

Sep 3, 2025 10:20 AM

Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerability

Is your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. SÄ±la Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
A CISO’s guide to monitoring the dark web

Sep 3, 2025 10:20 AM

Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerability

Is your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. SÄ±la Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
A CISO’s guide to monitoring the dark web

Sep 3, 2025 10:20 AM

Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerability

Is your company data on the dark web? Here’s what to look for and what do if your data now lives on the dark web. SÄ±la Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
Palo Alto Networks, Zscaler, Cloudflare hit by the latest data breach

Sep 3, 2025 5:19 AM

Tags: access, ai, api, attack, authentication, breach, business, ciso, credentials, cybersecurity, data, data-breach, email, endpoint, group, identity, incident response, jobs, login, monitoring, network, password, phishing, phone, risk, saas, scam, service, social-engineering, software, strategy, supply-chain, theft, threat, tool, zero-trust

CSO, in response to a request for clarification. “In the case of Zscaler and Palo Alto, because they sell solutions in the SASE space, their compromise can be particularly problematic since this may end up unfolding into a third-party or even fourth-party compromise,” said Flavio Villanustre, SVP and CISO for LexisNexis Risk Solutions. “Keep in mind…
Trusted Cloud Edge in Practice: Transforming Critical Industries

Sep 2, 2025 11:20 PM

Tags: 5G, access, ai, attack, cctv, china, cloud, communications, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, detection, encryption, google, government, group, Hardware, healthcare, HIPAA, infrastructure, intelligence, Internet, iot, malicious, military, network, privacy, regulation, resilience, risk, saas, service, software, technology, threat, tool, unauthorized, update, vpn, vulnerability, wifi, zero-trust
Trusted Cloud Edge in Practice: Transforming Critical Industries

Sep 2, 2025 11:20 PM

Tags: 5G, access, ai, attack, cctv, china, cloud, communications, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, detection, encryption, google, government, group, Hardware, healthcare, HIPAA, infrastructure, intelligence, Internet, iot, malicious, military, network, privacy, regulation, resilience, risk, saas, service, software, technology, threat, tool, unauthorized, update, vpn, vulnerability, wifi, zero-trust
Zscaler, Palo Alto Networks Breached via Salesloft Drift

Sep 2, 2025 8:20 PM

Tags: attack, network, saas, supply-chain

Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS application from Salesforce. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/zscaler-palo-alto-networks-breached-salesloft-drift
Der Drift-Salesforce-Angriff zeigt wie SaaS-Integrationen zum Sicherheits-Albtraum werden

Sep 2, 2025 2:19 PM

Tags: cyberattack, hacker, saas

Ein SaaS-Sicherheitsalbtraum für IT-Manager in aller Welt wurde kürzlich wahr: Hacker nutzten legitime OAuth-Tokens aus der Drift-Chatbot-Integration von Salesloft mit Salesforce, um unbemerkt Kundendaten von der beliebten CRM-Plattform zu exfiltrieren. Der ausgeklügelte Angriff deckt einen kritischen toten Winkel auf, von dem die meisten Sicherheits-Teams nicht einmal wissen, dass sie von ihm betroffen sind. Wenn SaaS-Integrationen…
Check Point analysiert den Drift-Salesforce-Angriff auf Salesforce

Sep 2, 2025 11:19 AM

Tags: cyberattack, incident, saas

Mit der zunehmenden Verbreitung von SaaS und der wachsenden Komplexität der Integration werden Angriffe wie dieser noch häufiger vorkommen. Diesen Zwischenfall als Weckruf zu verstehen, ist daher das Gebot der Stunde. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-analysiert-den-drift-salesforce-angriff-auf-salesforce/a41864/
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Sep 1, 2025 8:19 PM

Tags: attack, breach, cybersecurity, data, data-breach, saas, supply-chain, threat

Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat…
News alert: SquareX finds browser flaw undermining passkeys while exposing banking and SaaS apps

Aug 29, 2025 5:23 AM

Tags: authentication, banking, flaw, passkey, password, phishing, saas

Palo Alto, Calif., Aug. 28, 2025, CyberNewswire, It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-squarex-finds-browser-flaw-undermining-passkeys-while-exposing-banking-and-saas-apps/
How MCP in SaaS Security Helps You Outrun SaaS and AI Risks

Aug 28, 2025 9:23 PM

Tags: ai, automation, risk, saas, threat

Outrun threats with MCP in SaaS security. See how GripMCP’s speed, automation, and GenAI guardrails turn SaaS risk from a chase into controlled remediation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/how-mcp-in-saas-security-helps-you-outrun-saas-and-ai-risks/
115.000 Phishing-Emails in einer Woche versendet

Aug 28, 2025 11:23 AM

Tags: awareness, best-practice, cyber, email, google, infrastructure, mail, phishing, saas, software

Eine neue Art des Phishings breitet sich aus. Sie setzt dabei auf bewährte Marken, unaufgeklärte Mitarbeitende und ungeschützte Kanäle.Laut Google nutzen 40 Millionen Lehrer und Schüler weltweit Google Classroom, um Leistungsnachweise, Schulaufgaben und Lehrmaterial bereitzustellen. Da die Software weit verbreitet ist, wird sie attraktiv für Cyberkriminelle. Eine immer noch aktive, weltweite auftretende Kampagne hat der…
UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk

Aug 27, 2025 5:23 AM

Tags: attack, breach, detection, risk, saas

A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, and visibility. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/unc6395-and-the-salesloft-drift-attack-why-salesforce-oauth-integrations-are-a-growing-risk/
Attackers steal data from Salesforce instances via compromised AI live chat tool

Aug 27, 2025 5:23 AM

Tags: access, ai, at&t, breach, credentials, data, extortion, group, login, mandiant, open-source, password, saas, tool, vpn

What Salesloft Drift users should do next: The GTIG report and the Salesloft advisories include indicators of compromise such as IP addresses used by the attackers and User-Agent strings for the tools they used to access the data. Mandiant advises companies to also search logs for any activity from known Tor exit nodes in addition…
Warum das SOC in der Krise steckt und wie Sie das ändern

Aug 26, 2025 6:54 AM

Tags: access, ai, authentication, breach, ciso, cloud, cyberattack, dark-web, detection, edr, identity, mail, monitoring, password, RedTeam, saas, service, siem, soc, social-engineering, strategy, threat, tool, update, vulnerability, vulnerability-management

669226129Trotz Millioneninvestitionen in Security Operations Center (SOCs) und modernsten Detection-Technologien sind Breaches weiterhin an der Tagesordnung Tendenz weiterhin steigend.In meiner Erfahrung reagiert nur etwa jedes zwanzigste SOC effektiv auf die ausgeklügelten identitätsbasierten Angriffe, mit denen wir heute konfrontiert sind. Das ist allerdings kein technologisches, sondern ein Paradigmenproblem. Und es ist an der Zeit, zu erkennen,…
Workday Breach Breakdown: A Growing Trend of Breaches – Grip

Aug 26, 2025 12:55 AM

Tags: breach, cyber, saas, threat

The Workday breach highlights a rising wave of SaaS attacks. Learn why cyber threats spike in the second half of 2025 and how to stay ahead of the breach curve. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/workday-breach-breakdown-a-growing-trend-of-breaches-grip/
How AI is Changing the Game for SaaS Sales Teams

Aug 25, 2025 8:55 PM

Tags: ai, saas

AI is transforming how SaaS companies find and convert customers. While traditional companies struggle with 32% conversion rates, AI-native firms hit 56%. Learn how automated GTM agents work 24/7 to spot prospects, track competitors, and optimize revenue”, with real results. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/how-ai-is-changing-the-game-for-saas-sales-teams/
How AI is Changing the Game for SaaS Sales Teams

Aug 25, 2025 8:55 PM

Tags: ai, saas

AI is transforming how SaaS companies find and convert customers. While traditional companies struggle with 32% conversion rates, AI-native firms hit 56%. Learn how automated GTM agents work 24/7 to spot prospects, track competitors, and optimize revenue”, with real results. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/how-ai-is-changing-the-game-for-saas-sales-teams/
Cybercriminals Exploit Cheap VPS to Launch SaaS Hijacking Attacks

Aug 25, 2025 2:54 PM

Tags: attack, cybercrime, exploit, saas

Darktrace researchers have discovered a new wave of attacks where cybercriminals use cheap Virtual Private Servers (VPS) to… First seen on hackread.com Jump to article: hackread.com/cybercriminals-exploit-cheap-vps-saas-hijack-attacks/
SaaS-Resilienz erfordert physisch getrennte und nicht veränderbare Speicherung

Aug 22, 2025 2:54 PM

Tags: backup, resilience, risk, saas

Keepit hat die Ergebnisse seiner Umfrage ‘Übersehen und ungeschützt: Wie die SaaS-Datenlücke die Resilienz bedroht” vorgestellt. Die Umfrage unter leitenden IT-Entscheidungsträgern ergab, dass 37 % der Befragten ausschließlich auf die nativen Backup-Funktionen ihrer SaaS-Anwendungen vertrauen und damit ein erhebliches Risiko für Datenverluste und Betriebsunterbrechungen eingehen. Unveränderbare, physisch getrennte Datenspeicherung wird als entscheidend angesehen, ebenso wie […]…
Attackers Abuse Virtual Private Servers to Compromise SaaS Accounts

Aug 22, 2025 1:54 PM

Tags: login, saas

Darktrace observed a coordinated campaign on customer SaaS accounts, all of which involved logins from IP addresses linked to VPS providers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-virtual-servers/
Lenovo-Chatbot-Lücke wirft Schlaglicht auf KI-Sicherheitsrisiken

Aug 21, 2025 1:55 PM

Tags: ai, backdoor, best-practice, bug, ciso, cyberattack, exploit, group, injection, LLM, openai, phishing, risk, saas, tool, vulnerability, xss

Über eine Schwachstelle in Lenovos Chatbot für den Kundensupport ist es Forschern gelungen, Schadcode einzuschleusen.Der Chatbot ‘Lena” von Lenovo basiert auf GPT-4 von OpenAI und wird für den Kundensupport verwendet. Sicherheitsforscher von Cybernews fanden heraus, dass das KI-Tool anfällig für Cross-Site-Scripting-Angriffe (XSS) war. Die Experten haben eine Schwachstelle entdeckt, über die sie schädliche HTML-Inhalte generieren…
Why email security needs its EDR moment to move beyond prevention

Aug 20, 2025 4:55 PM

Tags: antivirus, control, edr, email, saas

Email security is stuck where antivirus was a decade ago”, focused only on prevention. Learn from Material Security why it’s time for an “EDR for email” mindset: visibility, post-compromise controls, and SaaS-wide protection. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/why-email-security-needs-its-edr-moment-to-move-beyond-prevention/
Lenovo chatbot breach highlights AI security blind spots in customer-facing systems

Aug 20, 2025 3:54 PM

Tags: access, ai, attack, backdoor, best-practice, breach, ciso, computer, control, data, group, injection, LLM, network, phishing, risk, saas, theft, vulnerability, xss

Enterprise-wide implications: While the immediate impact involved session cookie theft, the vulnerability’s implications extended far beyond data exfiltration.The researchers warned that the same vulnerability could enable attackers to alter support interfaces, deploy keyloggers, launch phishing attacks, and execute system commands that could install backdoors and enable lateral movement across network infrastructure.”Using the stolen support agent’s…
Backup in SaaS-Umgebungen in der Praxis

Aug 20, 2025 1:54 PM

Tags: backup, cloud, microsoft, saas

Die Datensicherung für Cloud- und Onpremises-Konzepte sollten effizient unter einer Plattform erfolgen und zudem unveränderlichen Speicher unterstützen. Ein mittelständisches Bauunternehmen gibt Einblicke, wie es diese Herausforderung für Microsoft-365 mit Arcserve innerhalb kurzer Zeit gemeistert hat. Traditionelle oder veraltete Backup-Lösungen können kaum noch den adäquaten Schutz für die Daten leisten weder hinsichtlich eines klassischen Ausfalls […]…