Advertise

Attacks/Breaches

11/3/2020
07:00 AM

Jai Vijayan
Slideshows

Connect Directly

1 Comment
Comment Now

6 Cybersecurity Lessons From 2020

The COVID-19 pandemic exposed new weaknesses in enterprise cybersecurity preparedness.

4 of 7

SaaS Has Become a Bigger Attack Target

With more organizations shifting workloads and data to the cloud to support remote and virtual workforces, SaaS environments have become a big attacker target. Expect IT staff to be increasingly engaged in managing their organizations' SaaS applications and cloud footprint, says Brendan O'Connor, CEO and co-founder at AppOmni.

Increasingly, tools -- such as those required for scanning APIs between applications to automate SaaS configuration, and monitor user access, activity, and changes in the environments -- are going to become important, he says.

"The shift to the cloud, unfortunately, has not gone unnoticed by hackers and bad actors," O'Connor says. "As organizations play catch-up, attackers are shifting their strategy to leverage the lack of SaaS expertise and necessary tooling to monitor and keep attackers at bay."

Many IT teams are struggling to keep up with the massive operational changes caused by the pandemic and the resulting accelerated rate of cloud adoption, according to a survey of 200 IT security professionals conducted by AppOmni earlier this year. Due to increased responsibilities tied to COVID-19-related changes, 68% said they had less time to spend on managing and securing SaaS applications.

Image Credit: Gustavo Frazao via Shutterstock

4 of 7

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

50%

peternjohnson,
User Rank: Strategist
11/20/2020 | 9:26:24 AM

Slide show???

Couldn't find the report, just this slideshow. Not doing that! Don't you want professionals to take you seriously?

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

@Hack - November 28-30, 2021 Saudi Arabia - Learn More

Black Hat USA 2021 - July 31-August 5 - Learn More

Enterprise Connect Orlando, September 27-29, 2021: Where Corporate IT Decision Makers Connect - Save $200 with Promo Code IWBX200

More Informa Tech Live Events

White Papers

Preparing an Endpoint Security Strategy to Address Ransomware

How Secure Are Your Endpoints?

Defending Against Critical Threats

Proven Success Factors for Endpoint Security

Spear Phishing eBook: Inbound Attacks Detected By Tessian Defender

More White Papers

Video

All Videos

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The State of Cybersecurity Incident Response

In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-26180
PUBLISHED: 2021-07-28

Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC PowerScale OneFS supported version 9.0.0 contain an access issue with the remotesupport user account. A remote malicious user with low privileges may gain access to data stored on the /ifs directory through most protocols.

CVE-2020-5341
PUBLISHED: 2021-07-28

Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server versions 7.4.1, 7.5.0, 7.5.1, 18.2, 19.1 and 19.2 and Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 and 2.4.1 contain a Deserialization of Untrusted Data Vulnerability. A remote unauthenticated ...

CVE-2020-5351
PUBLISHED: 2021-07-28

Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an undocumented account with limited privileges that is protected with a hard-coded password. A remote unauthenticated malicious user with the knowledge of the hard-coded password may login to the system and gain read-only privilege...

CVE-2021-32788
PUBLISHED: 2021-07-27

Discourse is an open source discussion platform. In versions prior to 2.7.7 there are two bugs which led to the post creator of a whisper post being revealed to non-staff users. 1: Staff users that creates a whisper post in a personal message is revealed to non-staff participants of the personal mes...

CVE-2021-32796
PUBLISHED: 2021-07-27

xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes durin...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]