Valence Has Joined The Microsoft Intelligent Security Association (MISA)
Read More

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

 CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

 CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

Valence Threat Labs
January 19, 2023

https://www.darkreading.com/attacks-breaches/circleci-lastpass-okta-slack-cyberattackers-target-enterprise-tools

In a Dark Reading article published last week:  CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools, author Robert Lemos discussed what the Valence Security Threat Labs team has been regularly highlighting throughout 2022 and into 2023–threat actors are increasingly focusing on exploiting core enterprise services such as identity and access management solutions like Okta and LastPass, as well as developer-focused applications like CircleCI, GitHub, and other applications such as Slack. High privilege access and access to sensitive data such as source code makes SaaS applications a prime attack target.

Securing modern SaaS applications requires a comprehensive SaaS security solution like Valence’s that discovers and remediates the full gamut of SaaS risks–over privileged SaaS-to-SaaS integrations, SaaS security misconfigurations, external oversharing of data, and unmanaged user identities and that lack proper security guardrails such as MFA.

Read the full article.

 CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tool

There’s more to see

Assess Your SaaS Security Risks

What Risks Are Lurking in Your Shadow Third-party SaaS Integrations?
By submitting, I acknowledge Valence Security's Terms of Use and Privacy Policy