Salesloft breached to steal OAuth tokens for Salesforce data-theft attacks
Hackers breached sales automation platform Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration with Salesforce to pivot to customer environments and exfiltrate data. The ShinyHunters extortion group claims responsibility for these additional Salesforce attacks.
Court ruling in Epic-Google fight could have âcatastrophicâ cyber consequences, former govât officials say | CyberScoop
A court injunction in the long fight between Fortnite publisher Epic Games and Google could have âcatastrophic results for the nationâs securityâ and ârisks creating massive cybersecurity vulnerabilities in the online ecosystem,â a group of former top government officials said in a filing Monday.
Nevada closes state offices as cyberattack disrupts IT systems
Nevada remains two days into a cyberattack that began early Sunday, disrupting government websites, phone systems, and online platforms, and forcing all state offices to close on Monday.
CISA warns of actively exploited Git code execution flaw
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system.
DSLRoot, Proxies, and the Threat of âLegal Botnetsâ
The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with top secret security clearance began questioning the arrangement they'd made with company called DSLRoot, which was paying $250 a month to plugâŠ
Nevada state websites, phone lines knocked offline by cyberattack
The governor added that the state is working with local, tribal and federal partners to restore services, and is âusing temporary routing and operational workarounds to maintain public access where it is feasible."
Nissan confirms design studio data breach claimed by Qilin ransomware
Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI).
The Urgent Need for Hypervisor Security in Healthcare | CSA
Explore how healthcareâs growing reliance on virtual infrastructure has introduced a new class of threatsâand what can be done to secure the hypervisor layer.
Encryption Backdoor in Military/Police Radios - Schneier on Security
I wrote about this in 2023. Hereâs the story: Three Dutch security analysts discovered the vulnerabilitiesÂâfive in totalâÂin a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the â90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now. Thereâs new news: In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the â90s. The flaws remained unknown publicly until their disclosure, because ETSI refused for decades to let anyone examine the proprietary algorithms...
.jpeg?width=350&height=&ar=16:9&mode=crop&format=avif&dpr=2)
