Sumo Logic discloses security breach, advises API key resets

Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS account was compromised last week. The company detected evidence of the breach on Friday, November 3, after discovering that an attacker used stolen credentials to gain access to a Sumo Logic AWS account. Sumo Logic says its systems and networks weren't impacted during the breach and that "Customer data has been and remains encrypted." "Immediately upon detection we locked down the exposed infrastructure and rotated every potentially exposed credential for our infrastructure out of an abundance of caution," the company said. "We are continuing to thoroughly investigate the origin and extent of this incident. We have identified the potentially exposed credentials and have added extra security measures to further protect our systems." These measures involve enhanced monitoring and addressing potential vulnerabilities to prevent similar incidents in the future. The company also continues to monitor network and system logs to identify any indications of additional malicious activity. In light of these developments, Sumo Logic advised customers to rotate credentials used to access its services or any credentials shared with Sumo Logic for accessing other systems. "While the investigation into this incident is ongoing, we remain committed to doing everything we can to promote a safe and secure digital experience," the company said. "We will directly notify customers if evidence of malicious access to their Sumo Logic accounts is found. Customers may find updates at our Security Response Center." Sumo Logic operates a cloud-native SaaS analytics platform providing customers with log analytics, infrastructure monitoring, cloud infrastructure security services, and more. In May, private equity firm Francisco Partners acquired the company for $1.7 billion. Okta says its support system was breached using stolen credentials. Casio discloses data breach impacting customers in 149 countries. Marina Bay Sands discloses data breach impacting 665,000 customers. Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems. Okta breach: 134 customers exposed in October support system hack.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Sumo Logic discloses security breach, advises API key resets

Sumo Logic discloses security breach, advises API key resets - Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS account was compromised last week. The company detected evidence of the breach on Friday, November 3, after discovering that an attacker used ...
10 months ago Bleepingcomputer.com
Sumo Logic says customer data untouched during breach The Register - Sumo Logic has confirmed that no customer data was compromised as a result of the potential security breach it discovered on November 3. In a customer update that includes the results of the investigation verified by third-party forensic specialists, ...
10 months ago Theregister.com
Defining Good: A Strategic Approach to API Risk Reduction - A good API security strategy starts with a well thought out API security posture governance program that spans from design to deployment. That standard, if communicated and enforced effectively, will not only positively affect how a developer designs ...
8 months ago Securityboulevard.com
Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report - We're thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. A notable achievement is being recognized as one of the few non-gateway-first ...
10 months ago Imperva.com
Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
8 months ago Darkreading.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
9 months ago Securityboulevard.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
8 months ago Securityzap.com
Unified API Protection - A massive segment of organizations' digital footprint today is built around internal and external APIs. As more IT leaders realize and acknowledge the size of APIs' influence, it's become clear that new methods are needed to secure those APIs. While ...
1 year ago Cequence.ai
What do CISOs need to know about API security in 2024? - According to Postman's 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in ...
9 months ago Cybersecurity-insiders.com
API Security: The Big Picture - Given this, it is no surprise that API security is a top priority for many security teams in the coming year. Here are 10 strategic things to look for in an API security offering. Multiple Environment Capability API security isn't very helpful if it ...
9 months ago Darkreading.com
The 9 Most Essential API Security Tools to Protect Against Cyber Threats - Understanding the importance of API security is crucial as technological advancements across various industries continue to make our lives easier. Through APIs connecting different systems and services together, automation is becoming increasingly ...
1 year ago Csoonline.com
That time I broke into an API and became a billionaire - This included an internal API with a dependency on a third-party banking API. We'll get to the banking API later in this story. That's all thanks to developers embracing agile development, microservices, and API gateway redirection that exposed ...
9 months ago Securityboulevard.com
How AI is revolutionizing "shift left" testing in API security - Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. For developers who are not security experts, fixing code or knowing business logic abuse possibilities can be ...
10 months ago Helpnetsecurity.com
API Gateways and API Protection: What’s the Difference? - Security Boulevard - At the security level, API security tools and gateways provide different controls to protect APIs from various threats. API protection – or API security – refers to a comprehensive set of security capabilities designed to protect APIs from a wide ...
1 week ago Securityboulevard.com
API Security in 2024: Navigating New Threats and Trends - As we step into 2024, the landscape of API security is at a critical juncture. The previous year witnessed a significant escalation in API-related breaches, impacting diverse organizations and bringing to light the critical vulnerabilities in API ...
7 months ago Cybersecurity-insiders.com
API security in 2024: Predictions and trends - As technology continues to advance at an unprecedented pace, so does the complexity of API security. With the proliferation of APIs in modern applications and services, organizations will need to develop a better understanding of their API ...
9 months ago Helpnetsecurity.com
Infosec products of the month: May 2024 - The Third-Party Intelligence module combines vendor-specific cyber threat intelligence with cybersecurity posture data from suppliers' tech environments, exposing a critical blind spot for security teams. Synopsys Polaris Assist automates repetitive, ...
4 months ago Helpnetsecurity.com
Expanding Reach and Reducing Costs: Cato Enhances Capabilities with Latest Third-Party Integrations - This surge is evident not only in its adoption by organizations of all sizes but also in the increasing number of requests from third-party vendors eager to integrate SASE into their software solutions. This is where Cato API comes into play, ...
9 months ago Itsecurityguru.org
Expanding Reach and Reducing Costs: Cato Enhances Capabilities with Latest Third-Party Integrations - This surge is evident not only in its adoption by organizations of all sizes but also in the increasing number of requests from third-party vendors eager to integrate SASE into their software solutions. This is where Cato API comes into play, ...
9 months ago Itsecurityguru.org
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
1 week ago Aws.amazon.com
7 Essential Practices for Secure API Development - The necessity for API security cannot be overstated. Authentication and Authorization Authentication and authorization form the cornerstone of secure API interactions. In the world of API security, managing identities accurately ensures that only ...
7 months ago Feeds.dzone.com
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
9 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
Ex-Uber CSO: Lessons Learned from the Breach and Legal Case - BLACK HAT EUROPE 2023 - London - Former Uber CISO Joe Sullivan last week shared new details about the 2016 data breach at the company that led to his firing from Uber and, later, felony charges. The Uber Breach Sullivan was in his second year as CISO ...
10 months ago Darkreading.com
Prudential Financial data breach impacted over 2.5M individuals - Prudential Financial data breach impacted over 2.5 million individuals. Keytronic confirms data breach after ransomware attack. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a ...
3 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)