www.itpro.com
151.101.66.114
Public Scan
Submitted URL: https://r.smartbrief.com/resp/rSdoCTeVdBDzvAtvCigydnBWcNxMVQ?format=multipart
Effective URL: https://www.itpro.com/security/misconfigured-saas-applications-led-to-the-home-depot-data-breach-and-experts-say-its-n...
Submission: On April 14 via api from BE — Scanned from DE
Form analysis
2 forms found in the DOM
GET https://www.itpro.com/search
<form class="search-box" action="https://www.itpro.com/search" method="GET" data-analytics-id="search-submit" data-before-rewrite-localise="/search" data-component-tracked="19">
<label for="search-input" class="sr-only">Search IT Pro</label>
<input tabindex="0" type="search" name="searchTerm" placeholder="Search IT Pro" class="search-input" id="search-input">
<button type="submit" class="search-submit" aria-label="Search">
<span class="search-icon">
<svg class="icon-svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 1000">
<path d="M720 124a422 422 0 1 0-73 654l221 222 132-131-222-222a422 422 0 0 0-58-523zm-92 504a291 291 0 1 1-412-412 291 291 0 0 1 412 411z"></path>
</svg> </span>
</button>
</form>
POST https://newsletter-subscribe.futureplc.com/v2/submission/submit
<form data-hydrate="true" class="newsletter-form__form newsletter-form__form--inbodyContent" method="POST" action="https://newsletter-subscribe.futureplc.com/v2/submission/submit"><input data-hydrate="true" type="hidden"
class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="NAME"><input data-hydrate="true" type="email" class="form__email-input form_input form__email-input form__email-input--inbodyContent" name="MAIL"
required="" placeholder="Your Email Address"><input data-hydrate="true" type="hidden" class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="NEWSLETTER_CODE" value="ITP_STD"><input data-hydrate="true"
type="hidden" class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="LANG" value="EN"><input data-hydrate="true" type="hidden"
class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="SOURCE" value="60"><input data-hydrate="true" type="hidden"
class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="COUNTRY"><label class="form__checkbox-label"><input data-hydrate="true" type="checkbox"
class="form__checkbox-input form_input form__checkbox-input form__checkbox-input--inbodyContent" name="CONTACT_OTHER_BRANDS">Contact me with news and offers from other Future brands</label><label class="form__checkbox-label"><input
data-hydrate="true" type="checkbox" class="form__checkbox-input form_input form__checkbox-input form__checkbox-input--inbodyContent" name="CONTACT_PARTNERS">Receive email from us on behalf of our trusted partners or sponsors</label><input
data-hydrate="true" type="submit" class="form__submit-input form_input form__submit-input form__submit-input--inbodyContent" required="" value="Sign me up"></form>
Text Content
MISCONFIGURED SAAS APPLICATIONS LED TO THE HOME DEPOT DATA BREACH, AND EXPERTS SAY IT’S NO SURPRISE

News By Solomon Klappholz published April 9, 2024

The recent Home Depot data breach that exposed information relating to over 10,000 employees should be a warning that enterprises need to get their SaaS deployments under control

A senior security leader has said he is not surprised that the recent Home Depot data breach was caused by a misconfigured SaaS application, warning that the issue is rife across enterprises of all sizes.

The data breach saw information belonging to over 10,000 Home Depot employees uploaded to a popular hacking forum by a well-known threat actor named IntelBroker. Exposed information included employee names, work email addresses, and user IDs.

Although this information alone is not highly sensitive, it could be used by threat actors to conduct further social engineering attacks on Home Depot staff, experts have warned.

Home Depot confirmed the attack on 7 April, stating the breach was the result of a third-party software vendor inadvertently exposing a small data sample pertaining to Home Depot staff.
Tim Bach, senior VP of security engineering at AppOmni, said while the rapid identification of the incident as the result of a SaaS misconfiguration was impressive, the fact this was the source of the breach was far from surprising.

“What is most noteworthy is the immediate identification of SaaS misconfiguration as the cause. It is really not noteworthy to see another sensitive data leak from a SaaS application, and unfortunately it is not noteworthy even to see it at this scale, as large enterprises have heavily adopted SaaS throughout their critical infrastructure.”

Bach said it’s important firms correctly identify the root cause of leaks like this one to ensure others learn from these incidents and improve their posture accordingly.

“Inadvertent SaaS misconfigurations that can, potentially, result in such leaks are commonplace, but usually when a leak occurs it is attributed simply to an ‘internal system’, making it unclear whether it was a SaaS system, or in-house system, etc,” he said.

“Such attribution to a SaaS misconfiguration is key as it will help security teams continue to be mindful of the importance of dedicated attention to securing and continuously monitoring their SaaS applications.”

FIRMS NEED TO BUCK UP THEIR SAAS SECURITY PRACTICES

The Home Depot breach underscores how SaaS-based attacks are a growing problem, according to Bach.
Citing an investigation carried out in 2023 by threat researcher Aaron Costello and security reporter Brian Krebs, he noted that many of these attacks go unnoticed.

“This highlights how commonly attackers exploit SaaS application vulnerabilities. Nearly a year ago based on intelligence from AppOmni Labs researcher Aaron Costello, cyber security journalist Brian Krebs published an article about how many SaaS applications are leaking data,” Bach recalled.

“Unmanaged SaaS applications, poor configuration hygiene, and their associated breaches continue to plague enterprises. If they are associated with large, well-known enterprises they are written about and discussed, but many of these types of breaches likely go undetected.”

Bach said SaaS applications are ingrained into the operating models of virtually every business and underpin vital processes every day. As such, enterprises need to take a number of security precautions to ensure their SaaS deployments aren’t compromised.

“SaaS applications are now the operating system and system of record for business, since they handle sensitive, business-critical data. SaaS is a critical part of cloud infrastructure and applications that businesses need to pay attention to and implement controls around to prevent data breaches. At a basic level, it’s important to get visibility into SaaS risks and preventable data exposures”, he noted.

“Beyond this, enterprises should watch out for SaaS identities, user behaviors, and connected applications that can introduce additional risks.”

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.