Tag Archive for: softwareasaservice

Software-as-a-service applications emerge as new target for ransomware, report reveals

/in


The report shows that Apple’s iCloud and Microsoft Outlook 365 are among products with the maximum vulnerabilities

Software-as-a-service (SaaS) applications have emerged as a new target for ransomware, and had the highest count of vulnerabilities that were seen trending with active exploits.

“We saw ransomware targeting 12 SaaS products with 47 vulnerabilities. We also found that 19 of these Common Vulnerabilities and Exposures (CVEs) are trending between 2018 and 2020,” pointed out a study report ‘Ransomware Through the Lens of Threat and Vulnerability Management’ by Chennai-based Cyber Security Works (CSW), an official CVE Numbering Authority (CNA), along with RiskSense, a company that provides risk-based vulnerability management.

The report shows that products with maximum vulnerabilities would be Apple’s iCloud, Microsoft Outlook 365, HP’s Application Lifecycle management, Oracle’s Fusion Middleware, Adobe’s Adobe Air, IBM’s Lotus Domino, and Notes. “With the usage of SaaS products increasing, we predict that threat actors will seek out vulnerabilities inherent in these applications and weaponise them systematically,” according to the report.

Vulnerabilities quadrupled

It was found that total vulnerabilities associated with ransomware quadrupled from 57 in 2019 to 223 in 2020. “The number of weaponised vulnerabilities associated with ransomware have quadrupled in 2020 which means organisations need to view vulnerabilities from a ransomware context and patch them continuously,” Ram Swaroop, co-founder, CSW, said.

CSW, which operates out of the IIT Madras Research Park, said the study is important because 89% of Indian IT leaders are concerned about data protection from ransomware. This, with good reason, as there has been a 31% increase in ransomware attacks on Indian organisations during the COVID-19 pandemic in 2020.

NHAI, Apollo Tyres, India Bulls, P & R Group and Delhi Medical Council have been victims of ransomware in the past year and their data is exposed on the dark web.

“A few of the known high profile data breaches in India that impacted critical infrastructure are from sectors including telecom, e-commerce and public sector entities….

Source…

Nice software-as-a-service?

/in

OK, the unidentified wearer of the sweatshirt above is being a bit cheeky.

Louis Gray, who took and tweeted the picture writes: “Spotted on the rear of one of the dads here in Palo Alto: ‘Nice SAAS.’ Silicon Valley for you.”

The word-play is apparently something of a thing among those who know their SaaS from their elbow. I found examples on Twitter dating back to 2012.

In San Francisco:

012516blog nice saas2 Via Twitter

From Boston-based 451 Marketing, showing it’s not just a Silicon Valley thing:

To read this article in full or to leave a comment, please click here

Network World Paul McNamara