Attack Compromises Popular NPM Packages
The affected packages include Chalk and Debug, and one of the contributors to those packages said the compromise was the result of him clicking on a phishing email related to setting up 2FA on his account.
All topics
Data breach
11 Posts
The Salesloft Drift Fallout and SBOM Guidance From CISA and NSA
Dennis and Lindsey talk through the continuing fallout of the Salesloft Drift incident (2:05) in light of the disclosure of several new companies that are involved, including Cloudflare, which published an excellent post-mortem on the intrusion. Then they discuss the new Shared Vision of SBOM for Cybersecurity published by CISA, NSA, and many foreign government […]
Cloudflare Details Salesloft Drift Breach
This incident is the latest to stem from an intrusion at Salesloft in which attackers used OAuth tokens to target Salesloft customers’ Salesforce integrations.
UNC6395 Expands Data Theft Campaign to Email OAuth Tokens
Google researchers discovered the new attacks and are advising all customers to treat any authentication tokens for those integrations as compromised.
The Lasting Repercussions of the Sony Hack
The Sony Pictures hack in 2014 by the North Korean Lazarus Group was a seminal event both in Hollywood and in the security community, bringing to light the capabilities and ambitions of North Korean attackers and showing the damage a leak of sensitive data can be. Brian Raftery joins Dennis Fisher to discuss his new Ringer podcast, The […]