Scope of Salesforce Attacks Expands as Icarus Leaks Data
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
A group linked to Russian intelligence services redirected victims to fake Cloudflare verification pages and exploited Microsoft's device code authentication flow.
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.
Axiad's State of Authentication Survey also found nearly half of respondents think phishing is the most likely cyberattack, yet only 27% plan to use phishing-resistant MFA next year.
The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.