Learning center

Google Fi said customer data has been compromised by hackers, and the incident is most likely linked to the massive T-Mobile hack on January 19.

Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.

Mobile communications giant T-Mobile suffered a massive data breach last month that impacted approximately 37 million customers. Yesterday, Google’s telecommunications service, Google Fi, informed its customers that their data were involved in the breach.

Learn more about how to handle the top SaaS security concerns related to visibility, risk, and identity threats to protect your organization’s SaaS security.

Google LLC recently informed customers of Google Fi, the company’s mobile virtual network operator service, that their data may have been breached because of “suspicious activity relating to a third party system that contains a limited amount of Google Fi customer data.”

JD Sports has confirmed that a cyber-attack that hit the company between 2018 and 2020 may have resulted in the data leak of 10 million customers.

Canadian running gear retailer the Running Room experienced a data breach in which intruders might have accessed personal customer data over the last several months.

UK sportswear retailer JD Sports is warning some 10 million of its customers that their personal data — including name, billing address, delivery address, email address, phone number, order details, and last four payment card digits — might have been exposed in a recent cyberattack.

The US Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint advisory outlining the abuse of legitimate remote monitoring and management (RMM) software.

15 members of Forbes Technology Council predict which smart-home technologies and tech services new homeowners will come to expect as basic features within the next decade.

SaaS security is vital to an organization's cybersecurity strategy. SaaS security detects, monitors, and protects against security vulnerabilities and attacks.

Personal information of over 2 million Aflac life insurance and Zurich auto insurance policyholders in Japan was leaked online in a third-party data breach.

The Japanese customers of two large insurance companies Aflac and Zurich have had their personal information leaked after the breach of a third-party service provider. The attacked provider has not been identified, and neither company would comment on whether the two attacks were related.

This explosion of SaaS adoption, however, led to unprecedented identity sprawl with some employees creating hundreds of SaaS accounts over the time. Most of these accounts are created with just an email and password, and this has now become the new perimeter for the modern enterprise.

On the same day that Aflac confirmed its breach, Swiss insurer Zurich reportedly disclosed data belonging to over two million of its Japanese customers was also exposed through a third-party data leak.

The Japanese customers of two large insurance companies have had their personal information leaked after the breach of a third-party service provider.

Hackers stole copies of LastPass customers' vaults and might attempt to decrypt them. The incident has undoubtedly shaken an online community that has repeatedly been asked to trust password managers.

Stolen LastPass vaults filled with duplicate passwords gives cybercriminals the effect of a successful, global-scale phishing campaign without sending a single email or SMS.

According to one report, the average company uses more than 200 SaaS applications. Without an effective business password manager strategy, your SaaS security is insufficient.

One approach to addressing the human element of cybersecurity is based on what is known as the nudge theory.

13 of them share how they stay involved with coding, and why they feel it’s an important part of a leader’s role.

How Grip SSCP delivers easy, on-demand offboarding across thousands of SaaS services in just a few clicks.

Those in the cybersecurity space tend to look to industry leaders for typical solutions and products. However, many innovative startups exist that are combatting new and emerging cybersecurity threats.

Uber has suffered a new data breach after a threat actor released employee email addresses, IT asset information, and corporate reports online. All this was stolen from a third-party vendor.

Uber has sustained a third-party breach. Its scope and effects are still to be fully determined. It’s the second breach at Uber since September.

The enterprise SaaS layer is where attackers go to find weak and duplicate passwords, launch phishing and smishing campaigns, and expand SaaS compromise — mitigating identity threats across the enterprise SaaS layer depends on precision access control.

SaaS identity and access management is the aspect of security that allows authorized employees to access the resources they need at the proper times for valid reasons.

The rushed implementation of remote work solutions during the COVID-19 pandemic, a phenomenon is currently jeopardizing business security, known as the SaaS sprawl.

Despite economic headwinds, cybersecurity startups still did well in terms of raising funds in 2022. CRN breaks down what you should know about some of the security standouts.

Discover some of the most interesting and dynamic companies in Israel

16 Forbes Technology Council members share their tips to help tech leaders and their teams make the most of CES 2023.

To overcome the inherent limits to identity management and SSO, security leaders rely on the SaaS security control plane (SSCP) for visibility, risk mitigation, and access control.

SaaS commands the digital enterprise. Access control to SaaS services is the equivalent to protecting the cockpit door of a Boeing 787—unauthorized access is non-negotiable.

the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) released a joint Cybersecurity Advisory (CSA) on the Hive ransomware group.

14 members of Forbes Technology Council share some essential considerations for a business building its first mobile app.

Cloud security depends on SaaS security, because SaaS is the control interface for everything in the digital enterprise—factories and finance, engineers and DevOps, HR and IT—everything and everyone runs on SaaS.

SaaS security posture management (SSPM) is a critical component for companies to effectively respond to SaaS threats while complying with industry standards have strong security posture. But SSPM is often insufficient, incomplete, and ineffective to secure SaaS access.

Lior Yaari, co-founder and CEO of Grip Security, who assessed and provided advice on the company’s investments in cybersecurity while serving as the CTO of YL Ventures prior to joining Grip Security.

SSPM solutions help companies gain visibility and secure SaaS apps. Learn how you can get the most value from an SSPM solution.

Business-led and shadow IT is a part of organizations as more digital tools are available. Learn how shadow and business-led IT impacts your SaaS security.

The use of SaaS has ballooned in response to the demands of modern work and the hyperspecialization of business. Let us take a closer look at predictions for SaaS in 2023.

What’s the best identity access management (IAM) solution to secure shadow SaaS? Learn how it can be secured just like sanctioned applications.

Five predictions for 2023 based on the accelerating adoption of business-led IT, formerly known as shadow IT.

The global cybersecurity community understands the traditional network security paradigm has held the industry back, but strides are being made to catch up.

SaaS security is not only consistent with overall cloud security, it is entailed by it—because SaaS is the principle technology used to access and control everything else, including IaaS systems and IaaS security controls.

SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process.

CASBs present some drawbacks. CISOs, information security managers, security architects, and security teams should consider alternatives to CASBs that may be more advantageous before making using one.

Grip’s SaaS Security Control Plane solution provides full visibility and access control of SaaS applications other products are unable to secure

Password managers are a popular option for companies to govern and secure credentials for SaaS, but they have some key shortcomings that limit their effectiveness.

Just as DevOps has brought software development and IT operations closer together, new and emerging changes in enterprise technology are refining DevOps.

In 2022, 36 percent of SaaS spending will be outside core IT budgets and security oversight. By the year 2030, more than 80 percent of all SaaS will be business-led SaaS. What does this mean for security?

The new program furthers the company’s mission to help companies securely embrace business-led IT with the industry’s best platform for detecting and securing SaaS applications in use that are unknown to IT and security teams.

Grip is looking to add partners who understand the differentiated value of their offering, and the uniqueness that it will provide to customers looking for improved SaaS security.

When we take a closer look, we can see why so many security teams end up with only 5-15 percent of their SaaS estate shielded by single sign-on (SSO) and password managers—it's just not worth it to extend these solutions to every SaaS service.

SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process.

Ars Technica thinks that the story the hacker tells is plausible, and that, while it's still not clear what the hacker gained access to, potentially at least it's quite a bit. W

Forbes Tech Council members discuss the tech trends and topics they believe will soon be hitting the workplace and how companies can prepare.

The four primary problems of password managers causing low adoption and other failures to achieve the desired security outcome are discussed below.

Password compromise led to unauthorized access to a customer contract search tool over a five-month window, according to the company.

Cisco attack attributed to Lapsus$ ransomware gang. U-Haul discloses data breach. Update on IHG data breach.

Venture capital and private equity firm Insight Partners has invested $22 million in SaaS Alerts, a cybersecurity company that promotes cloud application security software to MSPs.

0ktapus demonstrates the effectiveness of threat actors to compromise SaaS with global-scale attacks and persist within the SaaS attack surface—expanding conquest via Okta SWA credentials.

This article looks at the top 60 cybersecurity startups to watch in 2022 based on their innovations in new and emerging technologies, length of operation, early funding rounds, scalability, and more.

Security teams do have products that help them discover and manage SaaS apps that are being used by their employees. However, the problem is that these products still rely on the outdated assumption that the company controls the endpoint, network access, or authentication method.

Security teams should view BYOA as an opportunity in efficiency and innovation

The incident for CISOs demonstrates that your source code is no less a target than your customer data, as it can reveal valuable information about your application's underlying architecture.

The same hacking group that successfully breached Twilio Inc. and Cloudflare Inc. earlier this month is now believed to have breached more than 130 organizations in the same phishing campaign.

The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.

The core principles for protecting SaaS throughout its lifecycle are fundamentally about security architecture—discovery, justification, sanctioning, securing, and decommissioning are all implicated by security architecture. As SaaS moves through its lifecycle, security architects have an outsized impact on the fate of their organization’s SaaS defense.

Forbes Technology Council members share a female tech leader who’s been an inspiration to them as they’ve pursued their careers in tech.

New research has shown that most apps don't use the smartphone's default web browser to open links, which could potentially circumvent the operating system's security and privacy features.

SaaS risk goes far beyond just the vendor’s risk, and it is now driven by enterprise specific factors that most companies still do not factor into their risk calculations because risk is still assessed as if vendor risk were the most important factor.

The trend away from shadow IT to business-led IT is a paradigm shift for security.

Ransomware. Malware. Phishing attacks. Tech headlines are full of stories of the multitude of cyberthreats businesses face. Even so, every year seems to see new and reemerging cybersecurity threats, and some may be flying under the radar.

Shadow IT has a new name. Welcome to the world of business-led IT—it's officially a thing.

Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise. The Grip SaaS Security Control Plane can help customers protect against potential attacks resulting from this breach.

CASB’s own design interferes with its ability to deliver meaningful SaaS security. It is now clear that any SaaS a CASB can protect, it does so by accident.

In this exclusive Cyber Talk interview, CEO and Co-Founder Lior Yaari shares insights into securing SaaS applications and describes why visibility is so crucial.

With the multitude of CASB vendors, there is a lot of noise, and it is not easy to evaluate the best CASB on the market. One method that could be an input into the evaluation of a CASB purchase are product review sites.

Business-led SaaS pushes each organization closer to threats that move faster than light, use currencies you can’t trace, and strike with push-button tools or services stitched together in a weekend—threats we’ve never had to face or mitigate until now.

Members of Forbes Technology Council share practical, actionable ways tech leaders can help educate both the public and lawmakers and steer new tech legislation in the right direction.

The industry reacts to Russia's unabated cyberespionage attempts

The use of legitimate cloud services to deliver malicious payloads is on the rise as cybercriminals look to take advantage of the entrenched trust that millions of business users (and email gateways) have in them.

Despite the industry’s best efforts, shadow IT has not gotten smaller but has increased and is close to becoming legitimized as a viable IT strategy that provides competitive benefits.

This CRN annual list recognizes the fast-rising, channel-focused technology vendors that help deliver innovative, cutting-edge solutions for business and opportunity for solution providers.

The FTC warned companies and apps against misusing the data they collect about their users.

To help consumers and businesses better understand the role E2EE plays in security, 13 members of Forbes Technology Council share essential facts about E2EE, including what it entails, why it’s important and what its limitations are.

It’s never easy to be a trailblazer, especially as a female junior Data Engineer in the male-led cybersecurity ecosystem. A year later, I can now say that this was a fantastic decision!

Despite economic concerns, the funds keep flowing to promising young security firms.

14 members of Forbes Technology Council share new and emerging applications of AI that may be new to you.

Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO?

Based on the work Grip has done with hundreds of CISOs, we have defined four stages of maturity we have seen in SaaS security programs.

CISOs are challenged to understand the scope of risk when employees are using hundreds of apps causing data proliferation and dormant zombie accounts that are no longer used but maintain unmanaged privileges. Read this Help Net Security article to gain insights into how modern CISOs are addressing this problem.

Forbes Technology Council members explore 15 common tech buzzwords that are frequently misused and misunderstood by the non-tech-savvy, and what these terms actually mean.

SaaS has created unique challenges for security teams and requires them to evaluate the maturity of their SaaS security using a framework that was developed for the unique challenges SaaS creates.

Learn more about how to handle the top SaaS security concerns related to visibility, risk, and identity threats to protect your organization’s SaaS security.

SaaS security is vital to an organization's cybersecurity strategy. SaaS security detects, monitors, and protects against security vulnerabilities and attacks.

Stolen LastPass vaults filled with duplicate passwords gives cybercriminals the effect of a successful, global-scale phishing campaign without sending a single email or SMS.

According to one report, the average company uses more than 200 SaaS applications. Without an effective business password manager strategy, your SaaS security is insufficient.

One approach to addressing the human element of cybersecurity is based on what is known as the nudge theory.

How Grip SSCP delivers easy, on-demand offboarding across thousands of SaaS services in just a few clicks.

The enterprise SaaS layer is where attackers go to find weak and duplicate passwords, launch phishing and smishing campaigns, and expand SaaS compromise — mitigating identity threats across the enterprise SaaS layer depends on precision access control.

SaaS identity and access management is the aspect of security that allows authorized employees to access the resources they need at the proper times for valid reasons.

The rushed implementation of remote work solutions during the COVID-19 pandemic, a phenomenon is currently jeopardizing business security, known as the SaaS sprawl.

To overcome the inherent limits to identity management and SSO, security leaders rely on the SaaS security control plane (SSCP) for visibility, risk mitigation, and access control.

SaaS commands the digital enterprise. Access control to SaaS services is the equivalent to protecting the cockpit door of a Boeing 787—unauthorized access is non-negotiable.

Cloud security depends on SaaS security, because SaaS is the control interface for everything in the digital enterprise—factories and finance, engineers and DevOps, HR and IT—everything and everyone runs on SaaS.

SaaS security posture management (SSPM) is a critical component for companies to effectively respond to SaaS threats while complying with industry standards have strong security posture. But SSPM is often insufficient, incomplete, and ineffective to secure SaaS access.

SSPM solutions help companies gain visibility and secure SaaS apps. Learn how you can get the most value from an SSPM solution.

Business-led and shadow IT is a part of organizations as more digital tools are available. Learn how shadow and business-led IT impacts your SaaS security.

The use of SaaS has ballooned in response to the demands of modern work and the hyperspecialization of business. Let us take a closer look at predictions for SaaS in 2023.

What’s the best identity access management (IAM) solution to secure shadow SaaS? Learn how it can be secured just like sanctioned applications.

SaaS security is not only consistent with overall cloud security, it is entailed by it—because SaaS is the principle technology used to access and control everything else, including IaaS systems and IaaS security controls.

SaaS security is unique because of the velocity of new SaaS being adopted and the decentralized purchasing decision process.

CASBs present some drawbacks. CISOs, information security managers, security architects, and security teams should consider alternatives to CASBs that may be more advantageous before making using one.

Password managers are a popular option for companies to govern and secure credentials for SaaS, but they have some key shortcomings that limit their effectiveness.

When we take a closer look, we can see why so many security teams end up with only 5-15 percent of their SaaS estate shielded by single sign-on (SSO) and password managers—it's just not worth it to extend these solutions to every SaaS service.

The four primary problems of password managers causing low adoption and other failures to achieve the desired security outcome are discussed below.

0ktapus demonstrates the effectiveness of threat actors to compromise SaaS with global-scale attacks and persist within the SaaS attack surface—expanding conquest via Okta SWA credentials.

Security teams do have products that help them discover and manage SaaS apps that are being used by their employees. However, the problem is that these products still rely on the outdated assumption that the company controls the endpoint, network access, or authentication method.

Security teams should view BYOA as an opportunity in efficiency and innovation

The core principles for protecting SaaS throughout its lifecycle are fundamentally about security architecture—discovery, justification, sanctioning, securing, and decommissioning are all implicated by security architecture. As SaaS moves through its lifecycle, security architects have an outsized impact on the fate of their organization’s SaaS defense.

SaaS risk goes far beyond just the vendor’s risk, and it is now driven by enterprise specific factors that most companies still do not factor into their risk calculations because risk is still assessed as if vendor risk were the most important factor.

The trend away from shadow IT to business-led IT is a paradigm shift for security.

Twilio published an incident report on August 4, 2022 about an attack that led to employee and customer account compromise. The Grip SaaS Security Control Plane can help customers protect against potential attacks resulting from this breach.