Collaborate Disseminate
Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.
The post Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks appeared first on CyberScoop.
Continue reading Security leaders at Okta and Zscaler share lessons from Salesloft Drift attacks
A threat group Google tracks as UNC6395 systematically stole large amounts of data from Salesforce customer instances by using OAuth tokens stolen from Salesloft Drift, researchers said.
The post Hundreds of Salesforce customers impacted by attack spree linked to third-party AI agent appeared first on CyberScoop.
The following is a list of technically relevant IoCs (Indicators of Compromise) information on a recent malware dropping social engineering… Continue reading A List of IoCs (Indicators of Compromise) from a Recent Social Engineering Campaign Impersonating Legitimate Security Researchers
This content is for members only. Visit the site and log in/register to read.
Continue reading Exposing the Internet-Connected Infrastructure of the Cybercriminals Behind the Flashpoint Intel Web Site Compromise – An OSINT Analysis – A PDF Paper
There was a breach, so the bad news isn’t great, but the good news isn’t too bad… Continue reading GitHub code-signing certificates stolen (but will be revoked this week)
Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js …read more Continue reading Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised
Multiple chicken diners said their usernames and passwords were stolen and the accounts used to place high-volume orders. Continue reading Nando’s Hackers Feast on Customer Accounts
The meal-kit company’s customer records were leaked as part of the Shiny Hunters breach. Continue reading Home Chef Serves Up Data Breach for 8 Million Records
The popular video-sharing apps’s use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform. Continue reading TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds
Marriage, divorce and death certificates, beneficiary info, passports and more were all caught up in an email takeover hack. Continue reading GE Employees Lit Up with Sensitive Doc Breach