Cloudflare Details Salesloft Drift Breach
This incident is the latest to stem from an intrusion at Salesloft in which attackers used OAuth tokens to target Salesloft customers’ Salesforce integrations.
All topics
Intrusions
37 Posts
UNC6395 Expands Data Theft Campaign to Email OAuth Tokens
Google researchers discovered the new attacks and are advising all customers to treat any authentication tokens for those integrations as compromised.
US Gov Links Private Chinese Firms to Salt Typhoon Hacks
Salt Typhoon has not been observed exploiting zero-day flaws, but instead targeting known bugs in exposed network edge devices - some of which are years old.
Attacks Hit Possible SonicWall Zero Day
Attackers are exploiting a likely zero day vulnerability in some versions of SonicWall Firewall devices with the SSL VPN functionality enabled, and in some cases are able to bypass MFA protections. The intrusions have been ongoing since at least the end of last week, and researchers have observed some attackers deploying the Akira ransomware after […]
New PXA Stealer Campaign Hits Victims Worldwide
A group of attackers with ties to the Vietnamese cybercrime underground ecosystem are running a significant campaign across many different countries that is delivering the PXA Stealer malware and uses novel sideloading and anti-analysis techniques to slip past defensive measures. The campaign has targeted victims in more than 60 countries and the attackers have harvested […]
Microsoft Finds Secret Blizzard Targeting Foreign Diplomats
Microsoft has uncovered a long-running campaign by a threat group affiliated with Russian intelligence that has targeted diplomats working in Russia with a custom tool called ApolloShadow that enables the group to maintain persistence on victims’ devices as part of a cyberespionage operation. The group is known as Secret Blizzard and Microsoft’s researchers found that […]