Cybersecurity

Lessons for the next cybersecurity frontier

Consider the following cybersecurity breaches – all from within the past three months: GitHub, the leading cloud-based source control service, discovered that hackers capitalized on stolen OAuth tokens issued to third-party applications to download data from dozens of customer accounts; Mailchimp, a leading emarketing company, found a data breach where hundreds of customer accounts were compromised using stolen API keys; and Okta, the leading workforce authentication service, left 366 corporate customers vulnerable after hackers exploited a security breach to gain access to internal networks.

These three incidents have one thing in common – they were all service supply chain attacks, meaning breaches in which the attackers took advantage of access granted to third-party services as a backdoor into the companies’ sensitive core systems.

Why this sudden cluster of related attacks?

As digital transformation and the surge in cloud-based, remote or hybrid work continues, companies are increasingly weaving third-party applications into the fabric of their enterprise IT to facilitate productivity and streamline business processes. These integrated apps increase efficiency throughout the enterprise – thus their sudden rise in popularity. The same is true for low-code / no-code tools, which allow non-coding “citizen developers” to create their own advanced app-to-app integrations more easily than ever before.

Read more

Veille-cyber

Share
Published by
Veille-cyber

Recent Posts

Sécurité des mots de passe : bonnes pratiques pour éviter les failles

Sécurité des mots de passe : bonnes pratiques pour éviter les failles La sécurité des…

1 semaine ago

Ransomware : comment prévenir et réagir face à une attaque

Ransomware : comment prévenir et réagir face à une attaque Le ransomware est l’une des…

2 semaines ago

Cybersécurité et e-commerce : protéger vos clients et vos ventes

Cybersécurité et e-commerce : protéger vos clients et vos ventes En 2025, les sites e-commerce…

2 semaines ago

Les ransomwares : comprendre et se défendre contre cette menace

Les ransomwares : comprendre et se défendre contre cette menace En 2025, les ransomwares représentent…

2 semaines ago

RGPD et cybersécurité : comment rester conforme en 2025

RGPD et cybersécurité : comment rester conforme en 2025 Depuis sa mise en application en…

2 semaines ago

VPN : un outil indispensable pour protéger vos données

VPN : un outil indispensable pour protéger vos données Le VPN, ou « Virtual Private…

2 semaines ago

This website uses cookies.