When Uber was breached in September, the hacker remained undetected until they announced their presence within the org via Slack. This incident provides yet another example of Slack being leveraged by an attacker. In this post, we’re going to review some of the ways attackers have used Slack in breaches, why this is happening, and what you can do about it.

In this post, we’ll quickly cover the highlights of what you need to know about California’s Data Breach Notification Statute.

The Brazilian General Data Protection Law (LGPD) came into effect on August 16, 2020. The law creates new rights for individuals with respect to their data and imposes significant obligations on companies that process personal data. This guide will provide an overview of the key provisions of the LGPD and explain the steps that companies must take to comply with the law.

Nightfall customers have always lauded the platform’s ease of use and simplicity, but our team is always hard at work looking for ways to improve user experience. This month, we’ve made multiple features GA across the platform, that will further your ability to further customize what content and files trigger Nightfall detectors as well as the ways you can ingest this data.

Yesterday, TechCrunch broke a story about pharmaceutical giant AstraZeneca, which experienced a leak affecting sensitive patient data. We think this incident is worth reviewing to learn more about how data exfiltration risk is distributed across the entirety of an organization’s SaaS infrastructure.

In today’s digital world, data breaches are becoming more and more common. In fact, recent studies found that a large majority of breaches are caused by stolen secrets & credentials, such as API keys. API keys are used to access data and resources from another application or service. They are typically used to connect two applications so that they can share data. For example, if you use a weather app on your phone, that app likely uses an API key to access the Weather Channel’s data.

The threat landscape in IT is ever-evolving, with new risks arising practically daily. Trying to anticipate the next type of threat can feel a little like playing whack-a-mole. Instead, IT teams are focusing on vulnerability management: reducing the opportunities for hackers and other bad actors to find a weakness in cyber defenses. Vulnerability management is an iterative process that allows companies to proactively defend valuable assets, no matter how the threat landscape changes.

With the rise of cloud-based applications, data loss prevention (DLP) has become an increasingly important part of information security. DLP refers to the policies and technologies used to prevent sensitive data from being lost or stolen. In the context of SaaS, this can include both the security measures implemented by the SaaS provider and the steps taken by the customer to protect their data.

In its 2022 Cost of a Data Breach report, IBM notes that for 83% of companies, it’s not if a data breach will happen — but when. The sheer volume of data, as well as the difficulty in monitoring shadow IT and the shift to remote work, means that IT security teams face a persistent and ever-changing risk landscape that makes it extremely difficult to keep information secure. Protecting sensitive data starts with data discovery.

Today, we are delighted to announce that Nightfall has launched the first and only DLP solution for Asana. As part of this launch, Nightfall has joined the Asana Partner program as an official Technology Partner. Nightfall’s solution for Asana builds comprehensive data protection into the Asana app.