Tag: saas
-
How to justify your security investments
Tags: ai, ciso, cloud, compliance, cyberattack, cybersecurity, cyersecurity, Hardware, infrastructure, resilience, risk, saas, service, strategy, tool, vulnerability, zero-trust
Read which aspects are decisive for justifying cybersecurity investments in the enterprise. In modern enterprise environments, investments in security technologies are no longer judged solely by their technical maturity. Funding increasingly depends on the extent to which they generate revenue, mitigate risks and create value for shareholders. CISOs are expected to…
-
Secure by Design, Visible by Choice: Why Authentication Page Optimization Matters for B2B SaaS
Enterprise customers demand both ironclad security and seamless user experiences. Your authentication pages are more than just login forms; they’re the gat First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/secure-by-design-visible-by-choice-why-authentication-page-optimization-matters-for-b2b-saas/
-
Top 10 Best External Penetration Testing Companies in 2025
External penetration testing is a crucial practice for any organization aiming to validate its security posture against real-world threats. In 2025, with the proliferation of cloud services, SaaS applications, and remote work, an organization’s external attack surface is larger and more complex than ever. An external penetration test simulates a real-world cyber attack, targeting public-facing…
-
What the Salesloft Drift breaches reveal about 4th-party risk
Tags: access, ai, api, attack, breach, control, data, data-breach, email, exploit, google, hacker, incident response, intelligence, monitoring, risk, risk-assessment, saas, soc, software, startup, supply-chain, technology, threat, tool, zero-trust
February 2024: SalesLoft acquires Drift, an AI-powered chatbot company
The hidden legacy: Drift’s existing OAuth tokens to thousands of Salesforce and Google Workspace instances probably remained active
Time passes: Tokens and app permissions remain valid unless explicitly rotated or revoked.
August 2025: Attackers abuse OAuth tokens associated with the Drift application to enumerate and exfiltrate Salesforce data; a…
-
Salesloft Drift Security Breach Expands: Dozens of Companies Confirm Exposure in OAuth-Based Cyberattack
Tags: breach, cloud, credentials, cyberattack, cybersecurity, data, infrastructure, saas, software, supply-chain
A Salesloft Drift cyberattack has compromised the Salesforce environments of numerous organizations, exposing customer data and credentials in a growing software supply chain incident. Triggered by a compromise of OAuth tokens used in the Drift chatbot’s integration with Salesforce, the Salesloft Drift security breach has impacted companies across cybersecurity, cloud infrastructure, DevOps, and SaaS industries.…
-
When AI nukes your database: The dark side of vibe coding
Tags: ai, application-security, attack, authentication, automation, ciso, computer, control, corporate, data, data-breach, defense, dos, email, flaw, governance, incident response, injection, jobs, LLM, microsoft, open-source, password, risk, saas, skills, supply-chain, threat, tool, training, zero-trust
private paths, on another instance. Worthington warns this is one of the most frequent red flags in threat intel. When vibe-coded applications reach incident response, she says, “You’ll often see absence of logging, lack of source control, or weak authentication alongside hardcoded secrets. Rather than a single fingerprint, it’s a collection of sloppy behaviors that point…
-
Qualys Confirms Cyberattack Campaign Targeting Salesforce via Salesloft and Drift
Qualys has confirmed that it was recently impacted by a cybersecurity campaign targeting Salesloft and Drift, two third-party SaaS platforms that integrate with Salesforce. The company emphasized that customer data and its own production environments on the Qualys Cloud Platform remain fully secure, with no disruption to operations or services. The incident, which is described…
-
Check Point appoints Brett Theiss as Chief Marketing Officer
Tags: saas
With more than two decades of experience in technology and SaaS marketing leadership, Theiss will be responsible for shaping the external perception of Check Point's innovative security solutions and aligning marketing initiatives to accelerate growth and innovation across all markets. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-ernennt-brett-theiss-zum-chief-marketing-officer/a41911/
-
Hackers Exploit Google Calendar API with Serverless MeetC2 Framework
A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamlessly blend C2 communications into everyday SaaS usage, presenting fresh detection, telemetry, and response challenges for red and blue teams alike. In a recent internal purple-team…
-
Microsoft Backs Sola’s $35M Push Into Autonomous AI Security
Series A Fuels Deeper AI, Expanded Integrations and Product-Led Growth Adoption. Backed by S32 and Microsoft, Sola Security secured $35 million to advance its autonomous AI engine. The Israeli startup aims to shift from reactive prompts to proactive agent-based systems that solve security tasks across SaaS, cloud and identity domains. First seen on govinfosecurity.com Jump…
-
Salesloft Drift Breach: 7 Steps to Protect Your Organization
The Salesloft Drift breach is expanding fast. Learn what’s at risk and the 7 critical steps security teams should take to protect their SaaS ecosystem. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/salesloft-drift-breach-7-steps-to-protect-your-organization/
-
SaaS giant Workiva discloses data breach after Salesforce attack
Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/saas-giant-workiva-discloses-data-breach-after-salesforce-attack/
-
A CISO’s guide to monitoring the dark web
Tags: access, attack, authentication, breach, ciso, cloud, credentials, cyber, cybercrime, dark-web, data, data-breach, detection, extortion, guide, identity, incident response, intelligence, law, leak, marketplace, mfa, monitoring, okta, risk, saas, service, supply-chain, technology, threat, vpn, vulnerability
Is your company data on the dark web? Here’s what to look for and what to do if your data now lives on the dark web. Sıla Özeren / Picus Security If you’re looking for broader threats against your organization, pay close attention to what initial access brokers (IABs) are offering for sale on the dark…
-
Zscaler, Palo Alto Networks Breached via Salesloft Drift
Two major security firms suffered downstream compromises as part of a large-scale supply chain attack involving Salesloft Drift, a marketing SaaS application from Salesforce. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/zscaler-palo-alto-networks-breached-salesloft-drift
-
The Drift-Salesforce attack shows how SaaS integrations become a security nightmare
A SaaS security nightmare for IT managers around the world recently came true: hackers used legitimate OAuth tokens from Salesloft's Drift chatbot integration with Salesforce to exfiltrate customer data from the popular CRM platform unnoticed. The sophisticated attack exposes a critical blind spot that most security teams do not even know affects them. When SaaS integrations…
-
Check Point analyzes the Drift-Salesforce attack on Salesforce
With the increasing spread of SaaS and the growing complexity of integration, attacks like this one will become even more frequent. Treating this incident as a wake-up call is therefore the order of the day. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-analysiert-den-drift-salesforce-angriff-auf-salesforce/a41864/
-
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info
Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat…
-
News alert: SquareX finds browser flaw undermining passkeys while exposing banking and SaaS apps
Palo Alto, Calif., Aug. 28, 2025, CyberNewswire, It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/news-alert-squarex-finds-browser-flaw-undermining-passkeys-while-exposing-banking-and-saas-apps/
-
How MCP in SaaS Security Helps You Outrun SaaS and AI Risks
Outrun threats with MCP in SaaS security. See how GripMCP’s speed, automation, and GenAI guardrails turn SaaS risk from a chase into controlled remediation. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/how-mcp-in-saas-security-helps-you-outrun-saas-and-ai-risks/
-
115,000 phishing emails sent in one week
Tags: awareness, best-practice, cyber, email, google, infrastructure, mail, phishing, saas, software
A new kind of phishing is spreading. It relies on established brands, uninformed employees and unprotected channels. According to Google, 40 million teachers and students worldwide use Google Classroom to provide performance records, schoolwork and teaching material. Because the software is widely used, it becomes attractive to cybercriminals. A still-active campaign occurring worldwide has been…

