Aggregator
Static feeds leave intelligence teams reacting to irrelevant or late data
Boards and executives are not asking for another feed of indicators. They want to know whether their organization is being targeted, how exposed they are, and what steps need to be taken. A new report from Flashpoint argues that most current intelligence models cannot keep up with these demands and that primary source collection (PSC) should become the standard approach. Why current models fall short Intelligence feeds rely on aggregation of publicly available data or … More →
The post Static feeds leave intelligence teams reacting to irrelevant or late data appeared first on Help Net Security.
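Salesloft: GitHub account compromise led to theft of Drift tokens and large-scale Salesforce data theft
Salesloft said recently that attackers first breached its GitHub account in March and went on to steal OAuth tokens for the Drift platform; those tokens were then used in August in large-scale Salesforce data theft attacks.
Salesloft is a widely used sales engagement platform that helps companies manage customer outreach and communications. Its Drift platform is a conversational marketing tool that integrates chatbots and automation into the sales process, including integrations with platforms such as Salesforce.
The two are at the center of a major supply-chain-style attack first disclosed in late August. Google's Threat Intelligence team attributed these attacks to the threat group UNC6395, but, in addition to the earlier Salesforce data theft attacks, the extortion group ShinyHunters and threat actors claiming to be Scattered Spider also took part in the attacks targeting Salesloft Drift.
Source of the attack: GitHub account compromise
Salesloft first disclosed a security issue with the Drift application on August 21 and published further details about the malicious use of OAuth tokens five days later. The incident has led to widespread Salesforce data theft affecting Salesloft customers; affected companies include Google, Zscaler, Cloudflare, Workiva, Tenable, JFrog, Bugcrowd, Proofpoint, Palo Alto Networks and others, and the list continues to grow.
In the data theft attacks against Salesloft, the threat actors' main goal was to steal support tickets from Salesforce instances and then harvest credentials, authentication tokens and other sensitive information from those tickets.
Salesloft wrote in its August 26 update: "Initial investigation shows that the attacker's primary objective was to steal credentials, focusing in particular on sensitive information such as AWS access keys, passwords and Snowflake-related access tokens."
Mandiant, which is assisting Salesloft with its response to the breach, found in its investigation that the threat actors first compromised its GitHub environment between March and June 2025. The attackers downloaded code from multiple GitHub repositories, added guest user accounts and created malicious workflows, laying the groundwork for later attacks.
Mandiant confirmed that during the same period the attackers also carried out reconnaissance in the Salesloft and Drift environments. The attack escalated after they compromised Drift's AWS environment, which they used to steal the OAuth tokens used to access customer data across technology integrations, including Salesforce and Google Workspace.
Follow-up remediation and service restoration
Salesloft said it has rotated credentials, hardened its defenses and verified the environment segmentation from Drift, among other measures, and that Drift's infrastructure has also been isolated and its credentials rotated.
With Mandiant's assistance, the company carried out threat hunting and found no further signs of compromise, which means the threat actors no longer have a foothold in its environment.
Mandiant has now verified that the threat is contained and the environments are segmented, and the focus has shifted to a forensic quality assurance review.
Salesloft's latest update announces that its integration with Salesforce has been restored following the precautionary suspension put in place because of the Drift security incident. Salesforce users can once again use all of Salesloft's integration features, and the company has provided step-by-step guidance for users who need to run a data sync.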
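Two IT technicians in Hong Kong arrested for mining cryptocurrency in the ceiling of a care facility for people with disabilities; the facility had noticed a surge in its electricity bill
Came for a sculpted physique, got blackmail and threats. Every conversation has already been recorded and sold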
Red AI Range: The New Platform for Hacking and Hardening AI Systems
Red AI Range (RAR) is a comprehensive security platform designed specifically for AI red teaming and vulnerability assessment.
The post Red AI Range: The New Platform for Hacking and Hardening AI Systems appeared first on Penetration Testing Tools.
CVE-2025-10421 | SourceCodester Student Grading System 1.0 /update_account.php ID sql injection (EUVD-2025-29143)
Making weight loss a habit: how I lost 50 jin in two years through everyday lifestyle changes
The Hacker Who Hacked Himself: The Ethical Debate Dividing Cybersecurity
Huntress found itself at the center of a heated debate following the publication of a study its own
The post The Hacker Who Hacked Himself: The Ethical Debate Dividing Cybersecurity appeared first on Penetration Testing Tools.
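Google AI Overviews faces its first lawsuit from a major US publisher; Penske Media says AI Overviews unlawfully uses its content and siphons off traffic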
Beyond Linux: The New Kernels Rising from the Ashes of Open-Source Conflicts
The world of Linux and its surrounding ecosystem is experiencing turbulent times. Developers are divided over how to
The post Beyond Linux: The New Kernels Rising from the Ashes of Open-Source Conflicts appeared first on Penetration Testing Tools.
Villager: The New AI-Powered Tool Making Hacking Accessible
Experts at Straiker have reported the discovery of a new tool called Villager, which since its release in
The post Villager: The New AI-Powered Tool Making Hacking Accessible appeared first on Penetration Testing Tools.
HybridPetya: The New Ransomware Bypassing Secure Boot
Researchers at ESET have reported the emergence of a new ransomware strain dubbed HybridPetya, which blends techniques from
The post HybridPetya: The New Ransomware Bypassing Secure Boot appeared first on Penetration Testing Tools.
Samsung Users: Update Now to Patch Critical Zero-Day Vulnerability
Samsung has released its September security updates for Android, addressing a critical zero-day vulnerability that had already been
The post Samsung Users: Update Now to Patch Critical Zero-Day Vulnerability appeared first on Penetration Testing Tools.
Vastaamo Hacker Freed: Why Finland’s Most Notorious Cybercriminal Is Out
On Thursday, the Helsinki Court of Appeal delivered a ruling that stirred widespread public reaction. Alexander Kivimäki, the
The post Vastaamo Hacker Freed: Why Finland’s Most Notorious Cybercriminal Is Out appeared first on Penetration Testing Tools.
Critical FreePBX Flaw Under Attack: Is Your Phone System Compromised?
A critical vulnerability has been uncovered—and almost immediately weaponized—in the IP telephony ecosystem through FreePBX. Signs of widespread
The post Critical FreePBX Flaw Under Attack: Is Your Phone System Compromised? appeared first on Penetration Testing Tools.
Beware of “Nulled” WordPress Plugins: A Hidden Threat to Your Website
Researchers at Wordfence Threat Intelligence have uncovered a large-scale campaign involving the use of so-called “nulled plugins”—pirated copies
The post Beware of “Nulled” WordPress Plugins: A Hidden Threat to Your Website appeared first on Penetration Testing Tools.
The New Phishing Service Stealing Your Microsoft and Google Data
Cybercriminal groups have begun exploiting a new phishing service, VoidProxy, on a massive scale, enabling them to steal
The post The New Phishing Service Stealing Your Microsoft and Google Data appeared first on Penetration Testing Tools.