All articles tagged with #saas security
Research reveals that 9% of Microsoft Entra SaaS apps remain vulnerable to nOAuth abuse, a security flaw in OpenID Connect implementation that can lead to account hijacking and data breaches, despite being disclosed two years ago. The vulnerability exploits cross-tenant access and unverified emails, with Microsoft urging developers to properly implement authentication measures to prevent exploitation.
The SEC has implemented new cybersecurity rules requiring public companies to disclose cyber incidents and assess cybersecurity readiness for data stored in SaaS systems and connected third-party apps. The regulations aim to address the increasing prevalence of cybersecurity incidents and breaches in SaaS environments, including SaaS-to-SaaS connections. Companies must now prioritize SaaS security and adopt better cybersecurity hygiene to enhance investor confidence, ensure regulatory compliance, and minimize the impact of data breaches. Implementing SaaS security posture management tools can help organizations monitor and manage SaaS systems and connections to mitigate data breach risks and meet SEC requirements.