资讯

Cybernews8 天

Massive attack hits Salesforce users: hackers exfiltrating data with stolen third-party app ...

Hackers have stolen large volumes of data from numerous corporate Salesforce instances. They abused compromised access tokens ...
Security Boulevard8 天

UNC6395 and the Salesloft Drift Attack: Why Salesforce OAuth Integrations are a Growing Risk

A recent UNC6395 Salesloft Drift breach reveals Salesforce SaaS risks. Learn how to simplify breach detection, prevention, ...
VentureBeat3 年

Hackers use stolen OAuth access tokens to breach dozens ... - VentureBeat

Last week, GitHub Security researchers reported that an unknown attacker is using stolen OAuth user tokens issued to Heroku and Travis-CI to download data from dozens of organization’s private ...

Salesloft Drift: Login token misused for data theft

The AI platform Salesloft Drift has a security problem that attackers are exploiting to extract large amounts of data from Salesforce, for example.
Ars Technica6 年

Gmail’s API lockdown will kill some third-party app access, starting ...

Gmail’s API lockdown will kill some third-party app access, starting July 15 Google emails users: "the following apps may no longer be able to access your data." ...
CSOonline2 年

Threat actors abuse Microsoft’s “verified publisher” status to ...

Proofpoint discovers threat actors targeting verified status in the Microsoft environment to abuse OAuth privileges and lure users into authorizing malicious apps.