Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year Microsoft. Attacks on session cookies now happen in the same order of magnitud...

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the Sa...

Cloudflare Public Bug Bounty: Accessing apps protected via ZT's Access when user account is deleted/disabled even after clearing user session/seat

Server-side validation checks were implemented after access to SaaS apps protected via ZT's Access could be gained when a user account was deleted or disabled by preserving metadata of the Access JWT and using another active user account within the same organization, despite lacking proper...

How to Protect Patients and Their Privacy in Your SaaS Apps

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven't changed in 2023. The U.S. Government's Office for Civil Rights reported 145 data breaches in the United States during the first quarter...

Who Has Control: The SaaS App Admin Paradox

Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team...

Attack Surface Management: a Critical Pillar of Cybersecurity Asset Management

In their recent Innovation Insight for Attack Surface Management report, Gartner calls Attack Surface Management or “ASM”, for short the first pillar in a broader Exposure Management strategy. According to Gartner, ASM addresses the questions: What does my organization look like from an attacker’...

Is 3rd Party App Access the New Executable File?

It's no secret that 3rd party apps can boost productivity, enable remote and hybrid work and are overall, essential in building and scaling a company's work processes. An innocuous process much like clicking on an attachment was in the earlier days of email, people don't think twice when connecti...

Cloudquery - Transforms Your Cloud Infrastructure Into SQL Database For Easy Monitoring, Governance And Security

CloudQuery transforms your cloud infrastructure into queryable SQL for easy monitoring, governance and security. What is CloudQuery and why use it? CloudQuery pulls, normalize, expose and monitor your cloud infrastructure and SaaS apps as SQL database. This abstracts various scattered APIs enabli...

How the Work-From-Home Shift Impacts SaaS Security

The data is in. According to IBM Security's 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365, has increased 630%. Moreover, 75% of...

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers CASB. The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security...

Identity at Microsoft Ignite: Rising to the challenges of secure remote access and employee productivity

These past months have changed the way we work in so many ways. When businesses and schools went remote overnight, many of you had to adapt quickly to ensure your users could stay productive while working from home. Bad actors are trying to exploit these seismic shifts, making it more important...

Mattress Firm deployed Azure Active Directory to securely connect Firstline Workers to their SaaS apps and to each other

Today, we have another interesting story for the Voice of the Customer blog series. Tony Miller and Jon Sider of Mattress Firm deployed Azure Active Directory Azure AD to create a secure authentication experience for employees, including their Firstline Workforce. Much like sleep and a good...