Maintaining persistent access in a SaaS-first world
Attackers have loads of persistence options in an endpoint compromise scenario, but what changes in a SaaS-first world? We talk new attack methods in this post.
Is it safe to allow my employees to connect third-party apps to our M365/Google...
Learn about the benefits and risks of SaaS integrations and get tips for how to manage the risks.
Should I let my employees login with their work Google account?
Is logging in with Google or Microsoft secure? Yes, with caveats.
NCSC 2022 Cyber Essentials puts the spotlight on SaaS
We address some of the biggest changes to the Cyber Essentials technical controls and offer guidance about how to handle these new questions.
How to kick off an incident response investigation for a compromised SaaS...
We'll walk through how to quickly detect and mitigate business email compromise (BEC) and then prevent future attacks.
How to discover SaaS use without invading employee privacy
Learn how to manage SaaS in a way that keeps employees productive and doesn't compromise privacy.
How to manage the risk of unsanctioned SaaS
Learn some lightweight ways to manage the risks SaaS introduces without relying on restrictive policies that block employees from using their preferred tools.
How to find the right SaaS security solution for your organization
In this guide, we’ll break down some major SaaS use cases and match them up with solutions that can address them, covering pros and cons for each.
What we’ve been up to with our seed funding: a peek behind the curtain
Yesterday, we announced our official launch and what Push Security is all about following our $4m series seed.
Building a culture of trust to secure SaaS, together
We’re excited to announce our $4M seed round, led by Decibel. See how we’re building tech that allows companies to let employees freely & securely adopt SaaS.
Push Security Announces $4M Seed Round to Introduce User-Centric Approach to...
Launches solution that finds SaaS apps employees are using and guides them to fix issues
Microsoft rolls out Security Defaults for Azure AD to secure access
Microsoft is starting to roll out Security Defaults for Azure AD for those who haven’t turned them on yet. Here’s what you need to know.
Rolling-your-own SaaS discovery
We’ve compiled some methods for discovering SaaS. Lets explore each approach and learn new ways to discover unknown SaaS, capture SaaS use, and secure it.
How to find a malicious OAuth app on Microsoft 365
How do you find a malicious Microsoft 365 OAuth app? Learn what to look for, and what to ignore, when checking your users haven't been consent phished.
Investigating user delegated OAuth tokens in Google Workspace - a ride along
Introduction to OAuth tokens in Google Workspace, how they are used, reasons you might want to review them, and a discussion of how you might go about it.
Consent phishing: the emerging phishing technique that can bypass 2FA
Consent phishing is an emerging technique attackers are using to compromise user accounts, even if they have Multi-factor Authentication (MFA or 2FA) enabled.
Case study: Business Email Compromise (BEC) attack nearly cost us millions
A story by the owner of an Engineering company on how they almost lost millions from a Business Email Compromise (BEC) style attack. An interesting BEC example.
Email security: How hackers use mail rules to access your inbox
After phishing campaigns target Office 365 and Google Workspace users, malicious mail rules are automatically added to the user’s mailbox. Take steps to defend.
Should you disable external email auto-forwarding?
External email auto-forwarding is a feature but also a risk; learn whether you should disable it, and, if you can't, how to manage the risk through detection.
Push Security’s early access preview is live! 🚀
We built Push to help small and medium-sized organisations get security done, in the easiest, lowest friction way possible.
Which MFA methods should you use?
SMS, Authenticator apps, Security Keys, and more! We compare them from a user experience, security, cost, and security aspect.
Multi-Factor Authentication is the top security control for most small and...
Why Multi-Factor Authentication (MFA aka 2FA) is so useful for small and medium-sized businesses, and how to deploy it successfully.
The latest news, articles, and resources, sent to your inbox.