[HackerNews] [eBook] The Guide for Reducing SaaS Applications Risk for Lean IT Security Teams

The Software-as-a-service (SaaS) industry has gone from novelty to an integral part of today’s business world in just a few years. While the benefits to most organizations are clear – more efficiency, greater productivity, and accessibility – the risks that the SaaS model poses are starting to become visible. It’s not an overstatement to say that most companies today run on SaaS. This poses an

Source: Read More (The Hacker News)

You might be interested in …

[SANS ISC] Malicious PowerShell Using Client Certificate Authentication, (Mon, Oct 18th)

All posts, Sans-ISC

Attackers have many ways to protect their C2 servers from unwanted connections. They can check some specific headers, the user-agent, the IP address location (GeoIP), etc. I spotted an interesting PowerShell sample that implements a client certificate authentication mechanism to access its C2 server. It’s VT score is 9/56[1] (SHA256:6d3f45db0a991572a7ac8077e2fd8eec29aad99e7efa6cea5e54186ac1abc488). The certification is Base64 encoded and […]

Read More

[SecurityWeek] GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket

All posts, Security Week

Developers of Git GUI client GitKraken have addressed a vulnerability resulting in the generation of weak SSH keys, and they are prompting users to revoke and renew their keys. Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, […]

Read More

[SecurityWeek] QNAP Investigating New Attacks Targeting NAS Devices

All posts, Security Week

Network-attached storage (NAS) appliance manufacturer QNAP Systems says it is investigating reports of malicious attacks targeting NAS devices. read more Source: Read More (SecurityWeek RSS Feed)

Read More