Scope of Salesforce Attacks Expands as Icarus Leaks Data
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers
Crims hope for payday from malicious payloads rather than stealing access tokens Microsoft has warned organizations about ongoing OAuth abuse scams that use phishing emails and URL redirects to infect victims' machines with malware and take over their devices.…
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks
Okta uncovers new phishing-as-a-service operation with 'multiple entities' falling victim Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have successfully stolen users' credentials, multi-factor authentication codes, and session tokens in real time, according to security researchers.…
Salesloft Says Hackers Broke Into Its GitHub RepositoryCybersecurity firms Tenable and Qualys fell to attacks stemming from hacker theft of authentication tokens from a third-party tool often integrated into Salesforce. The firms disclosed their exposure to the attack that lifted access tokens from marketing-as-a-service software provider Salesloft.
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
'Widespread Data Theft Campaign' Compromised Many Drift OAuth Tokens, Warn ExpertsThreat researchers report that "a widespread data theft campaign" traces to attackers stealing OAuth access tokens for applications integrated with Salesloft's AI chatbot Drift, then exfiltrating data. Victims include Salesforce customer Zscaler. Google Workspace instances were also breached.
Google has announced that it's making a security feature called Device Bound Session Credentials (DBSC) in open beta to ensure that users are safeguarded against session cookie theft attacks
Cybersecurity researchers have discovered a case of "forced authentication" that could be exploited to leak a Windows user's NT LAN Manager (NTLM) tokens by tricking a victim into opening a specially crafted Microsoft Access file
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. [...]
The data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.