
Five Markers that Your Phone is Being Spied on or Has Been Compromised

 

A notification stating that "State-sponsored attackers may be targeting your iPhone" was received by a number of leaders of India's opposition parties, including the Indian National Congress, Trinamool Congress, and Shiv Sena, earlier this week. A commotion and discussion on social media ensued when they claimed that the government was spying on the opposition leaders. A statement on the subject has already been released by Apple. Smart apps that blend into your phone's background are what carry out the spying. 

In order to determine whether your phone has been hacked, you can look for the following indicators. 

 
Phone's battery is draining faster than usual 

The first and simplest way to determine whether your phone has been compromised is to examine the battery behaviour. If you've started charging your phone too frequently, or if the battery is draining faster than usual, it's possible that malware or fraudulent apps are using malicious code that drains a lot of power. It should be noted that you must first ensure that there are not a large number of apps running in the background, as this consumes battery. 

Suspicious activity on linked accounts 

Users have multiple accounts on their phones, including Facebook, Instagram, and others. If you see posts made by your account that you don't remember making, it might suggest a breach in your defence. If you are unable to send or receive emails from your phone, hackers may have hacked your device.

Odd pop-ups

Push notifications for fake virus alerts and other threatening messages could indicate that you have adware on your phone, which requires input from you in order to function. Never click on such kinds of messages or notifications. 

Check your phone's app list

Most people are aware of the apps they use. Look through the list of apps on your smartphone and remove any that you don't recognise as they might contain spyware. Apps should always be downloaded from the App Store or Google Play Store. Before downloading, make sure the developer information, spelling, and app description are correct. 

Increased use of mobile data 

Verify whether you are using more data on your mobile device than usual or if it has increased suddenly. It's possible that malicious software or apps are using up your mobile data in the background.

Check Point to Acquire Cyber Startup Atmosec to Boost Its SaaS Security Offering

 

Check Point Software intends to acquire an early-stage SaaS security business founded by former Armis leaders in order to anticipate and combat malicious application threats. 

According to Vice President of Product Management Eyal Manor, the Silicon Valley-based platform security vendor's proposed acquisition of Tel Aviv, Israel-based Atmosec will give customers a better understanding of what's going on with the SaaS platforms that power their businesses, such as Office 365, Salesforce, and GitHub. Each of these platforms has thousands of apps running in the background, some of which are harmful. 

"We really loved their technology. We loved the demo. This is exactly the share of mind that our customers are looking for. This is the share of mind that is basically part of our DNA. We saw that, and we really liked it," Manor told Information Security Media Group. 

In trading on Wednesday, Check Point's shares rose $0.01, or 0.01%, to $133.86 per share. The terms of the acquisition, which is slated to close by mid-September, were not disclosed. Check Point agreed to buy New York-based zero trust network access and secure web gateway firm Perimeter 81 for $490 million less than a month ago. 

Atmosec's capabilities, according to Manor, go beyond SaaS security posture management, which concentrates on the configuration surface and can block users from connecting without multifactor authentication. Atmosec handles apps that access SaaS platforms and can promptly, automatically, and autonomously fix any issues with poor, rogue, or untrusted applications. 

Atmosec can integrate with office productivity tools, CRM environments, development environments, and HR platforms to offer customers a picture of what's going on and to stop threat activity. Manor claims that combining Perimeter 81's ZTNA and SWG assets with Atmosec's SaaS security product and Check Point's native SD-WAN tool will enable the company to provide consolidated, single-vendor SASE. 

According to Manor, Check Point has also expanded organic security service edge capabilities as part of its Harmony Connect product, which focuses on identifying, blocking, and understanding known, unknown, and zero-day vulnerabilities. However, Manor said that Check Point had not invested sufficiently in network infrastructure, leaving clients without network-as-a-service capabilities or private network cloud assets. 

Many firms have struggled with usability when adopting and maintaining SASE infrastructure because of the delay associated with routing data across distant locations. As a result, he claims that some organisations have chosen to implement fewer security protections in order to maintain usability. When properly configured, SASE both prevents risks and provides a fantastic user experience, according to Manor. 

Perimeter 81 will ultimately provide Check Point clients a native, private virtual network via a variety of providers, with Atmosec supplying the SaaS platform and Harmony Connect supplying the security layer. Manor intends to monitor the extent of SaaS security service uptake by current Check Point clients as well as their level of SASE tool usage.

Federal Report Highlights Steps for Enhancing Software Code Pipeline Security Amid App Attacks

 

In a recent update, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) collaborated on an advisory memorandum with the aim of strengthening security measures within application development software supply chains. 
The memo, titled "Defending Continuous Integration/Continuous Delivery (CI/CD) Pipelines," delves into the vulnerabilities associated with deployment processes and sheds light on potential methods that attackers can employ to exploit these pipelines. 

These tactics range from the theft of login credentials and encryption keys to injecting malware into or assuming control over source code projects. To address these concerns, the advisory memo draws heavily upon the MITRE ATT&CK threat framework, utilizing its threat classification system to offer recommended strategies and countermeasures. The publication underscores the substantial scope for improvement in this area and serves as a valuable resource for enhancing defense mechanisms. 

According to the recent State of Software Security report by Veracode Inc., a significant majority of the 130,000 applications tested exhibited at least one security flaw, accounting for 76% of the total. Furthermore, the report highlighted that approximately 24% of all applications assessed contained high-severity flaws. These findings indicate a substantial scope for improvement and ample opportunity to develop more secure applications. 

Software code pipeline security encompasses the following measures and practices: 

Source Code Management: Implement secure version control systems with proper access controls and monitoring to protect code repositories. 

Build Process Security: Ensure secure build environments and tools to prevent tampering or injection of malicious code. Validate dependencies and use approved components. 

Code Testing and Analysis: Conduct comprehensive security testing and code analysis at different stages of the pipeline. Utilize static code analysis, dynamic testing, and vulnerability scanning. 

Secure Artifact Storage: Safeguard artifacts generated during the build process, such as binaries or container images. Maintain secure storage and apply appropriate access controls. 

Deployment Security: Establish secure deployment practices to deploy authorized and validated artifacts to production environments. Verify code integrity and detect unauthorized changes. 

Continuous Monitoring: Implement continuous monitoring and logging mechanisms to identify security incidents, unauthorized access attempts, anomalies, or code tampering. 

Access Control and Authentication: Enforce proper access controls and authentication mechanisms for code repositories, build servers, and deployment environments. Utilize strong authentication, role-based access control, and least privilege principles. 

By implementing these security measures throughout the code pipeline, organizations can enhance protection against code tampering, unauthorized access, and vulnerabilities, ensuring the overall security and integrity of the software development process. 


Online Thieves Exploit Vulnerability in Microsoft Visual Studio

 

Security professionals are alerting users regarding a vulnerability in the Microsoft Visual Studio installer that enables hackers to distribute harmful extensions to application developers while posing as a trusted software vendor. From there, they may sneak into development environments and seize control while contaminating code, stealing very valuable intellectual property, and doing other things. 

The CVE-2023-28299 spoofing vulnerability was patched by Microsoft as part of its April security release. At the time, the business rated the bug as having a low likelihood of being exploited and categorised the vulnerability as having moderate severity. However, the Varonis researchers who first identified the vulnerability provided a somewhat different perspective on the flaw and its potential consequences in a blog post this week.

According to the researchers, the flaw should be addressed because it is easily exploitable and is present in a product with a 26% market share and more than 30,000 consumers.

"With the UI bug found by Varonis Threat Labs, a threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis security researcher Dolev Taler explained. "Malicious extensions have been used to steal sensitive information, silently access and change code, or take full control of a system." 

Varonis identified a vulnerability that affects several iterations of the Visual Studio integrated development environment (IDE), ranging from Visual Studio 2017 through Visual Studio 2022. The problem lies in a Visual Studio security restriction that is meant to prevent users from entering data in the "product name" extension field but is simple for anyone to get around. 

Taler discovered that an attacker may get around that restriction by opening a Visual Studio Extension (VSIX) package as a .ZIP file, and then manually adding newline characters to a tag in the "extension.vsixmanifest" file. Developers use a newline character to indicate the end of a line of text so that the cursor will move to the start of the following line on the screen.
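A pre-install check for the tampering described above, as an added example that is not code from Varonis or Microsoft: it opens a VSIX as a ZIP archive and reports line breaks inside the extension name. It assumes the "product name" field is the manifest's `DisplayName` element; the sample packages are constructed in memory.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

MANIFEST = "extension.vsixmanifest"
# Assumption: the "product name" field in the article is the DisplayName element.
NAME_TAG = "DisplayName"
# Any character that makes a renderer start a new line.
LINE_BREAKS = re.compile(r"[\r\n\v\f\x85\u2028\u2029]")


def check_vsix(vsix_bytes):
    """Return one finding per extension name that contains embedded line breaks."""
    with zipfile.ZipFile(io.BytesIO(vsix_bytes)) as archive:
        # ZIP member names are case-sensitive; the manifest lookup should not be.
        names = {name.lower(): name for name in archive.namelist()}
        if MANIFEST not in names:
            raise ValueError("package has no " + MANIFEST)
        root = ET.fromstring(archive.read(names[MANIFEST]))

    findings = []
    for element in root.iter():
        # Tags look like "{namespace}DisplayName"; compare the local part only.
        if element.tag.rsplit("}", 1)[-1] != NAME_TAG:
            continue
        # Leading/trailing whitespace is ordinary pretty-printing, so ignore it.
        value = (element.text or "").strip()
        breaks = LINE_BREAKS.findall(value)
        if breaks:
            findings.append({
                "field": NAME_TAG,
                "line_breaks": len(breaks),
                "first_line": LINE_BREAKS.split(value)[0].strip(),
            })
    return findings


def make_vsix(display_name):
    """Build a minimal constructed VSIX (a ZIP with a manifest) for the demo."""
    manifest = (
        '<?xml version="1.0" encoding="utf-8"?>\n'
        '<PackageManifest Version="2.0.0" '
        'xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011">\n'
        '  <Metadata>\n'
        '    <Identity Id="constructed.sample" Version="1.0" '
        'Publisher="Example Publisher" />\n'
        f'    <DisplayName>{escape(display_name)}</DisplayName>\n'
        '  </Metadata>\n'
        '</PackageManifest>\n'
    )
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr(MANIFEST, manifest)
    return buffer.getvalue()


# Constructed samples: a normal name, and a name padded with newlines so that
# extra text appears underneath it.
CLEAN = make_vsix("Constructed Extension")
TAMPERED = make_vsix(
    "Constructed Extension\n\n\nDigital Signature: Example Publisher"
)

if __name__ == "__main__":
    for label, package in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, check_vsix(package))
```

A non-empty result means the name shown to the user would span several lines, so any "signature" text beneath it should be treated as untrusted.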

"And because a threat actor controls the area under the extension name, they can easily add fake 'Digital Signature' text, visible to the user and appearing to be genuine," Taler added.

Google Ads Exploited to Tempt Corporate Employees Into Installing LOBSHOT Backdoor

 

As part of a sophisticated scheme to trick corporate employees into installing malware, a newly uncovered backdoor and credential-stealer is disguising itself as a genuine software download. 

Elastic Software researchers spotted the malware, known as LOBSHOT, spreading through deceptive Google Ads for well-known remote-workforce applications like AnyDesk, they reported in a recent blog post. 

"Attackers promoted their malware using an elaborate scheme of fake websites through Google Ads and embedding backdoors in what appears to users as legitimate installers," researcher Daniel Stepanic wrote in the post. 

Additionally, LOBSHOT, a backdoor that appears to be financially motivated and steals victims' banking, cryptocurrency, and other credentials and data, appears to be the work of threat group TA505, which is known for disseminating the Clop ransomware, according to the researchers.

According to the researchers' claim, the bogus download site used to disseminate LOBSHOT ran a DLL from download-cdn[.]com, a domain historically connected to the threat group, which is known for its involvement in the Dridex, Locky, and Necurs operations.

The researchers "assess with moderate confidence" that LOBSHOT is a new malware capability utilised by the gang based on this other infrastructure connected to TA505 that is used in the campaign. 

In addition, fresh samples associated with this family are being discovered by researchers every week, and they "expect it to be around for some time," he added. 

Utilising nefarious ads by Google 

Potential victims are exposed to LOBSHOT by clicking on Google Ads for what appear to be real workforce software, such as AnyDesk, much like threat campaigns seen earlier in the year. Similar tactics were used in January to propagate the malware-as-a-service Rhadamanthys Stealer using website redirects from Google Ads that also masqueraded as download pages for well-known remote-workforce applications like AnyDesk and Zoom.

According to Elastic Search, the campaigns are in fact connected to "a large spike" in the usage of malvertising that security researchers have been noticing since earlier this year. 

"Similar infection chains were observed in the security community with commonalities of users searching for legitimate software downloads that ended up getting served illegitimate software from promoted ads from Google," Stepanic further wrote. 

This behaviour indicates a pattern of adversaries persistently abusing and expanding their reach "through malvertising such as Google Ads by impersonating legitimate software," he said. 

Stepanic recognised that while these kinds of malware may appear to be minor and have a narrow scope, they actually pack a powerful punch thanks to their "fully interactive remote control capabilities" that enable threat actors to acquire initial access to corporate networks and carry out subsequent destructive activities. 

Infection chain 

The LOBSHOT infection chain starts when a person conducts a web search for a trustworthy piece of software and Google Ads returns a boosted result that is actually a malicious website. 

"In one observed instance, the malicious ad was for a legitimate remote desktop solution, AnyDesk," the researcher explained. "Careful examination of the URL goes to https://www.amydecke[.]website instead of the legitimate AnyDesk URL, https://www.anydesk[.]com." 

After clicking on that advertisement, which appears to be legitimate, the user arrives at a landing page for the software they were hoping to download. 

The researchers claimed that what is downloaded is actually an MSI installer that the user's PC executes. Stepanic stated that the landing pages had "very convincing branding that matched the legitimate software and had Download Now buttons that pointed to an MSI installer."

Elastic Software claims that when the MSI is executed, PowerShell is launched that downloads LOBSHOT through rundll32 and starts a connection with the attacker-owned command-and-control server. 

Exploitation and mitigation 

The hVNC (Hidden Virtual Network Computing) component of LOBSHOT is one of its key features. Attackers use this module, which enables "direct and unobserved access to the machine," to get access to targets and to avoid detection, according to Stepanic. He added, "this feature is frequently baked into many popular families as plugins and continues to be successful in evading fraud-detection systems." 

According to the researchers, LOBSHOT, like the majority of malware currently in use, uses dynamic import resolution to get around protection software and delay the early discovery of its capabilities.

"This process involves resolving the names of the Windows APIs that the malware needs at runtime as opposed to placing the imports into the program ahead of time," Stepanic added. 

Researchers have provided links to several Elastic Search GitHub sites that illustrate preventative measures to fend off malware like LOBSHOT connected to its numerous activities, including Suspicious Windows Explorer Execution, Suspicious Parent-Child Relationship, and Windows.Trojan.Lobshot. 

The post also provides guidelines that businesses can use to build EQL searches to look for behaviours that are suspiciously similar to the ones that the researchers saw LOBSHOT execute in connection to grandparent, parent, and child process relationships.
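The grandparent, parent, and child relationship from the infection chain above (MSI installer, then PowerShell, then rundll32) can be hunted in process-creation telemetry. This is an added example, not one of Elastic's rules or queries; the event fields are a simplified, constructed stand-in for process-creation logs such as Sysmon Event ID 1.

```python
import ntpath

# Chain described in the article: msiexec -> powershell -> rundll32.
CHAIN = ("msiexec.exe", "powershell.exe", "rundll32.exe")

# Constructed process-creation events; paths, PIDs and command lines are made up.
EVENTS = [
    {"time": 1, "pid": 400, "ppid": 4,
     "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"time": 2, "pid": 500, "ppid": 400,
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmd": r"msiexec.exe /i C:\Users\user\Downloads\constructed-setup.msi"},
    {"time": 3, "pid": 600, "ppid": 500,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe (constructed)"},
    {"time": 4, "pid": 700, "ppid": 600,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": r"rundll32.exe C:\ProgramData\constructed.dll,Entry"},
    # Benign look-alike: rundll32 under PowerShell, but started from Explorer.
    {"time": 5, "pid": 610, "ppid": 400,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe (constructed)"},
    {"time": 6, "pid": 710, "ppid": 610,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": "rundll32.exe shell32.dll,Control_RunDLL"},
    # PID reuse: 600 now belongs to notepad, so this rundll32 must not inherit
    # the earlier msiexec -> powershell lineage.
    {"time": 7, "pid": 600, "ppid": 400,
     "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe"},
    {"time": 8, "pid": 720, "ppid": 600,
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmd": "rundll32.exe shell32.dll,Control_RunDLL"},
]


def image_name(event):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(event["image"]).lower()


def find_chains(events, chain=CHAIN):
    """Return every lineage whose last len(chain) processes match `chain`."""
    live = {}   # pid -> node of the most recent process created with that pid
    hits = []
    for event in sorted(events, key=lambda e: e["time"]):
        # Bind the parent at creation time so later PID reuse cannot rewrite it.
        node = {"event": event, "parent": live.get(event["ppid"])}
        live[event["pid"]] = node

        lineage, current = [], node
        for expected in reversed(chain):
            if current is None or image_name(current["event"]) != expected:
                break
            lineage.append(current["event"])
            current = current["parent"]
        else:
            hits.append(list(reversed(lineage)))
    return hits


if __name__ == "__main__":
    for lineage in find_chains(EVENTS):
        print(" -> ".join(f'{image_name(e)}[{e["pid"]}]' for e in lineage))
        print("   command line:", lineage[-1]["cmd"])
```

Installers do legitimately spawn PowerShell, so a match is a lead for triage (what was downloaded, which DLL was loaded) rather than a verdict.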

Unpatched ICS Flaws in Critical Infrastructure: CISA Issues Alert

 

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) released recommendations for a total of 49 vulnerabilities in eight industrial control systems (ICS) utilised by businesses in various critical infrastructure sectors. Several of these vulnerabilities are still unpatched. 

Organizations in the critical infrastructure sectors must increasingly take cybersecurity into account. Environments for ICS and operational technology (OT) are becoming more and more accessible via the Internet and are no longer air-gapped or compartmentalised as they once were. As a result, both ICS and OT networks have grown in popularity as targets for both nation-state players and threat actors driven by financial gain.

That's bad because many of the flaws in the CISA advisory can be remotely exploited, require only a simple attack to succeed, and give attackers access to target systems so they can manipulate settings, elevate privileges, get around security measures, steal data, and crash systems. Products from Siemens, Rockwell Automation, Hitachi, Delta Electronics, Keysight, and VISAM all have high-severity vulnerabilities. 

The CISA recommendation was released at the same time as a study from the European Union on threats to the transportation industry, which included a similar warning about the possibility of ransomware attacks on OT systems used by organisations that handle air, sea, rail, and land transportation. Organizations in the transportation industry are also affected by at least some of the susceptible systems listed in CISA's alert. 

Critical vulnerabilities

Siemens' RUGGEDCOM APE1808 technology contains seven of the 49 vulnerabilities listed in CISA's alert and is not currently patched. The flaws give an attacker the ability to crash a compromised system or escalate privileges on it. The device is presently used by businesses in several critical infrastructure sectors all around the world to host commercial applications. 

The Scalance W-700 devices from Siemens have seventeen more defects in various third-party components. The product is used by businesses in the chemical, energy, food, agricultural, and manufacturing sectors as well as other critical infrastructure sectors. In order to protect network access to the devices, Siemens has urged organisations using the product to update their software to version 2.0 or later. 

InfraSuite Device Master, a solution used by businesses in the energy sector to keep tabs on the health of crucial systems, is impacted by thirteen of the recently discovered vulnerabilities. Attackers can utilise the flaws to start a denial-of-service attack or to obtain private information that could be used in another attack. 

Other vendors in the CISA advisory that have several defects in their products include Visam, whose Vbase Automation technology had seven flaws, and Rockwell Automation, whose ThinManager product, used in the critical manufacturing sector, had three flaws. Keysight had one vulnerability in its Keysight N6845A Geolocation Server, which is used by communications and government organisations, while Hitachi updated details on a previously known vulnerability in its Energy GMS600, PWC600, and Relion products. 

For the second time in recent weeks, CISA has issued a warning to firms in the critical infrastructure sectors regarding severe flaws in the systems such organisations employ in their operational and industrial technology settings. Similar warnings on flaws in equipment from 12 ICS suppliers, including Siemens, Hitachi, Johnson Controls, Panasonic, and Sewio, were released by the FCC in January. 

Many of the defects in the previous warning, like the current collection of flaws, allowed threat actors to compromise systems, increase their privileges, and wreak other havoc in ICS and OT contexts. 

OT systems under attack

A report this week on cyberthreats to the transportation industry from the European Union Agency for Cybersecurity (ENISA) issued a warning about potential ransomware attacks against OT systems. The report was based on an analysis of 98 publicly reported incidents in the EU transportation sector between January 2021 and October 2022. 

According to the data, 47% of the attacks were carried out by cybercriminals who were motivated by money. The majority of these attacks (38%) involved ransomware. Operational disruptions, spying, and ideological assaults by hacktivist groups were a few more frequent reasons. 

Even though these attacks occasionally caused collateral damage to OT systems, ENISA's experts did not discover any proof of targeted attacks on them in the 98 events it examined. 

"The only cases where OT systems and networks were affected were either when entire networks were affected or when safety-critical IT systems were unavailable," the ENISA report stated. However, the agency expects that to change. "Ransomware groups will likely target and disrupt OT operations in the foreseeable future."

The research from the European cybersecurity agency cited an earlier ENISA investigation that warned of ransomware attackers and other new threat groups tracked as Kostovite, Petrovite, and Erythrite that target ICS and OT systems and networks. The report also emphasised the ongoing development of malware designed specifically for industrial control systems, such as Industroyer, BlackEnergy, CrashOverride, and InController, as indicators of increasing attacker interest in ICS environments. 

"In general, adversaries are willing to dedicate time and resources in compromising their targets to harvest information on the OT networks for future purposes," the ENISA report further reads. "Currently, most adversaries in this space prioritize pre-positioning and information gathering over disruption as strategic objectives."

Enterprise Attack Surface Widening Access Control Gap in Microsoft Active Directory

 

Users in Windows environments may be able to access domains other than those for which they are authenticated due to a security flaw in Microsoft's Active Directory (AD) service that IT administrators may not be aware of. 

The majority of Windows domain-type networks come pre-configured with AD, Microsoft's all-purpose identity management tool for authenticating computers, printers, users, and virtually anything else taking part in an IT environment. According to Frost & Sullivan, tens of thousands of businesses use the service, including 90% of the Global Fortune 1000 corporations.

By using AD to manage authentication across a domain, network administrators may ensure that only authorised users can access the resources that have been assigned to them. 

Nevertheless, Charlie Clark, a security researcher at Semperis, described how a user might circumvent AD's security measures and access domains for which they were not specifically given permission in a study released on March 14. He says that by doing so, an attacker's "attack surface" is greatly enlarged. Obviously, the larger the attack surface, the more likely it is that an attacker will discover an exploitable bug. 

The transitive property of mathematics states that if a = b and b = c, then a = c. In AD, if domain A connects to domain B and domain B links to domain C, domains A and C may or may not be able to access one another depending on whether they share a "transitive trust." According to Microsoft's website, "transitivity controls whether a trust can be extended outside of the two domains with which it was built." 

An external trust (a manually created, nontransitive form of trust in AD) could exist between two domains belonging to two different organisations. The problem, according to Clark, is that one firm can utilise external trust to access sister domains that are part of the same group (referred to by Microsoft as a "forest") as the second, even if no formal external trust has been established for those domains. 

Assuming what we believed about non-transitive trusts were accurate, "an authorised user from one domain would only be able to target the precise domain they've established a trust with," as per Clark. "They wouldn't be able to go to other domains outside of the forest." 

As opposed to this, "every account within the trusted domain will be able to authenticate against any domain throughout the whole forest in which the trusting domain resides," he stated in his research. 

A malicious user who learns how to move about a forest at will can gain access to things like accounts and data that they shouldn't be able to find.

Clark claims that because it is so simple to take control of one domain inside a forest, it "allows an attacker to have a significantly bigger attack surface from any low-privileged user on a trusted domain." 

On May 4, 2022, Clark informed Microsoft of his initial findings. In an email on September 29, Microsoft stated that "According to our assessment, this submission does not constitute a security issue for servicing. This research doesn't seem to point out any flaws in Microsoft products or services that could allow an attacker to compromise their integrity, accessibility, or confidentiality." The business then concluded the investigation. 

Trust: Why it matters 

Clark spent more than 15 years working as a systems administrator and six years as a pen tester. "Every medium-sized to major infrastructure or business I've worked with has had external trusts," he asserts. He claims that if extra safeguards aren't in place, the majority of AD's clients are most likely at risk right now. 

In addition to Microsoft's suggestions, Clark advises administrators to delete all external trusts in order to safeguard against this type of access control misuse. If this is not achievable, the next best thing is to keep track of which users are accessing what. 

Awareness is ultimately the most crucial factor. A false sense of security could otherwise cause administrators to make mistakes. People can tell that the risk is larger for a trustworthy domain. So they might put more security in place for that domain, Clark says, but they might not put the same level of security in place for the other domains in the forest even though the risk is identical. 

"I think the main thing is to make system admins aware that this is possible," Clark concluded. By knowing this, "they can harden the rest of the domain sufficiently."

Dangers of Adopting Unsanctioned SaaS Applications

 

A sleek little app-store sidebar was silently introduced to the right side of your session screen by the most recent programme update, as you might have seen on your most recent Zoom calls. With the touch of a button and without even pausing their Zoom session, this feature enables any business user inside your company to connect the software-as-a-service (SaaS) apps displayed in the sidebar.

The fact that anyone within an organisation can deploy, administer, and manage SaaS applications emphasises both one of the major strengths and security threats associated with SaaS. Although this technique could be quick and simple for business enablement, it also intentionally avoids any internal security review procedures. 

As a result, your security team is unable to identify which applications are being adopted and used, whether they may be vulnerable to security threats, whether they are being used securely, or how to put security barriers in place to prevent unauthorised access to them. Zero-trust security principles become nearly impossible to enforce. 

Joint Obligation 

Companies need to understand that they are continually being urged by vendors to install additional apps and adopt new features before they reprimand their staff for recklessly utilising SaaS applications. Indeed, the applications themselves frequently meet crucial business demands, and sure, employees naturally want to use them right away without waiting for a drawn-out security evaluation. But, whether they are aware of it or not, they are acting in this way because shrewd application providers are actively marketing to them and frequently tricking users into thinking they are adhering to security best practices. Users are not always reading the consent text displayed on the consent screens that are intended to give users pause during installation and nudge them to read about their rights and obligations. 

Always be cautious

In other circumstances, security is frequently presumed. Consider well-known brands' application markets. Vendors do not have the motivation, financial interest, or capacity to assess the security posture of every third-party application sold on their marketplaces. Yet, in order to promote the business, they may mislead users into believing that anything sold there retains the same level of protection as the marketplace vendor, frequently by omission. Similarly, market descriptions may be worded in such a way as to imply that their application was developed in partnership with or approved by a significant, secure brand.

The use of application marketplaces results in third-party integrations that pose the same vulnerabilities as those that led to numerous recent attacks. During the April 2022 GitHub attack campaign, attackers were able to steal and exploit legitimate Heroku and Travis-CI OAuth tokens issued to well-known suppliers. According to GitHub, the attackers were able to steal data from dozens of GitHub customers and private repositories by using the trust and high access offered to reputable vendors. 

Similarly, CircleCI, a provider specialising in CI/CD and DevOps technologies, reported in December 2022 that some customer data was stolen in a data breach. The investigation was sparked by a hacked GitHub OAuth token. According to the CircleCI team's research, the attackers were able to obtain a valid session token from a CircleCI engineer, allowing them to bypass the two-factor authentication mechanism and gain unauthorised access to production systems. They were able to steal customer variables, tokens, and keys as a result. 

An Attraction to Frictionless Adoption 

Vendors also design their platforms and incentive plans to make adoption as simple as accepting a free trial, a lifetime free service tier, or swiping a credit card, frequently with alluring discounts to try and buy without commitment. Vendors want users to adopt any exciting, new capability immediately, so they remove all barriers to adoption, including going around ongoing IT and security team reviews. It is hoped that an application will prove to be too well-liked by business users and crucial to corporate operations to be removed, even if security personnel become aware of its use. 

Making adoption too simple, however, can also result in a rise in the number of underutilised, abandoned, and exposed apps. An app can frequently continue to function after it has been rejected during a proof of concept (PoC), abandoned because users have lost interest in it, or the app owner has left the company. This results in an expanded and unprotected attack surface that puts the organisation and its data at greater risk.

While educating business users on SaaS security best practises is important, it's even more crucial to prevent SaaS sprawl by teaching them to think more critically about the seductive promises of quick deployment and financial incentives made by SaaS suppliers.

Additionally, security teams ought to use solutions that can help them manage risks associated with SaaS misconfiguration and SaaS-to-SaaS integrations. These technologies allow customers to continue utilising SaaS applications as required while also conducting security due diligence on new vendors and integrations and setting up crucial security barriers.