Cybersecurity firms Cloudflare, Palo Alto Networks, and Zscaler on Tuesday confirmed that their Salesforce instances were hacked as part of the Salesforce-Salesloft Drift data theft campaign disclosed last week. Between August 8 and August 18, hackers used compromised OAuth tokens for the third-party AI chat bot Salesloft Drift to export large volumes of data from the Salesforce instances of hundreds of organizations. READ MORE...
British automobile manufacturer Jaguar Land Rover (JLR) is scrambling to restore applications and operations that were impacted by a cyberattack. In a brief notice on Tuesday, the company said it disconnected its systems, which severely impacted both retail and manufacturing operations. "JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems," a JLR spokesperson told SecurityWeek. READ MORE...
Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts. This claim was covered by numerous news outlets, as well as cybersecurity firms, which published stories about the so-called "urgent warning" asking 2.5 billion Gmail users worldwide to enable two-step authentication and reset their passwords. READ MORE...
Agatha Christie stuck a dagger in the notion that crime doesn't pay. With sales of between two and four billion books - fittingly, the exact number is a mystery - she built a career out of murder that out-bloodied Jack the Ripper. It's a fair bet that had she chosen to write about accountancy fraud instead, her sales would be between two and four billion fewer. Some crime is sexy. Some is not. READ MORE...
The Pennsylvania Office of Attorney General has confirmed that ransomware was behind a three-weeks-long outage impacting operations at offices across the Commonwealth. The incident was initially disclosed on August 11, via social media posts, as the office's entire network was down, including its website, email, and main phone line. By August 14, access to the website had been restored in some capacity. READ MORE...
In today's complex threat environment, the challenge for security professionals isn't just defeating threats, it's finding your vulnerabilities in the first place. That's where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that attackers use to target your organization. Effective solutions provide crucial information on the vulnerabilities of organizational assets and cloud services that are visible in the public domain. READ MORE...