All news with #saas security tag

Why Attackers Are Phishing Over LinkedIn in 2025: Risks

🔒 LinkedIn has emerged as a major vector for phishing, with a growing share of attacks moving off email and onto social and messaging platforms. Attackers exploit in‑app DMs, account takeovers, and AI automation to target executives and high‑value roles, often aiming to compromise SSO providers such as Microsoft Entra and Google Workspace. Because these messages bypass traditional email security and lack inbox quarantine tools, browser-based defenses and SSO/MFA hygiene are recommended to detect and block evasive campaigns. The article outlines five reasons this shift increases enterprise risk.

Cloud Security Alliance Issues New SaaS Security Framework

🔐 The Cloud Security Alliance has published the SaaS Security Capability Framework (SSCF) to establish technical minimum requirements that help SaaS providers and customers apply Zero-Trust principles and address rising third-party risks highlighted by recent Salesforce attacks. The SSCF defines controls across six domains, including identity and access management, data lifecycle, and logging and monitoring, and translates business requirements into concrete, configurable security functions such as log forwarding, SSO enforcement and incident notification. CSA positions the SSCF as a complement to, not a replacement for, frameworks like ISO 27001, while vendors stress that continuous validation and operational implementation are essential to reduce real-world risk.

CSA launches SaaS Security Capability Framework (SSCF)

🔒 The Cloud Security Alliance has published the SaaS Security Capability Framework (SSCF), a standardized set of customer-facing security controls designed to reduce long-standing gaps in third-party risk management. SSCF defines minimum technical capabilities across six domains — including identity and access, data lifecycle, logging, and incident management — that vendors should expose under the Shared Responsibility Model. The framework is intended to add transparency and consistency to SaaS security, complementing business-focused standards such as ISO 27001, and aims to evolve into practical implementation guidance, auditing criteria, and a certification scheme.