Another Salesloft Drift-related breach has been disclosed. Seucrity Affairs reports: Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat actors stole OAuth tokens from the company, the incident impacted multiple Salesforce […]
Customers are targeted through compromised OAuth access tokens from Salesloft Drift integrations. IT Pro reports: Google’s Threat Intelligence Group (GTIG) has revealed that hackers harvested user credentials from Salesforce customers in a widespread campaign during the first half of this month. The attacker, tracked as UNC6395, targeted Salesforce customer instances through compromised OAuth tokens associated […]
Cybernews reports: The Farmers Insurance Group is notifying 1,111,386 people that their personal information was exposed in a recent cyberattack earlier this year. The American insurance giant said it began sending breach notification letters about the May 29th “security incident” out of an “abundance of caution” on August 22nd. The breach may have involved the […]
A provider of criminal background checks in the U.K. is dealing with a breach at a third-party developer. The Register reports: A leading UK provider of criminal record checks for employers is handling a data breach stemming from a third-party development company. Access Personal Checking Services (APCS) has written to customers to notify them that […]
The Register reports: Microsoft-owned talk-to-text outfit Nuance has agreed to cough up $8.5 million to settle a class action lawsuit over the sprawling MOVEit Transfer mega-breach – although it admits no liability. The proposed deal [PDF], filed in a Massachusetts federal court last week, would draw a line under litigation brought by individuals who claimed that the company failed […]
FOX 5 in Atlanta reports: A cyberattack that shut down Georgia’s SNAP (Supplemental Nutrition Assistance Program) call center may not have been an isolated incident. Officials with the United States Department of Agriculture tell FOX 5 that similar attacks have happened in six other states recently. The backstory: On July 28, the Georgia Department of […]
BBC reports: Thousands of Afghans brought to safety in the UK have had their personal data exposed, after a Ministry of Defence (MoD) sub-contractor suffered a data breach. The names, passport information and Afghan Relocations and Assistance Policy (Arap) details of up to 3,700 Afghans have potentially been compromised after Inflite The Jet Centre, which […]
TechNadu reports: A vendor that serves the Los Angeles Unified School District, Kokomo24/7, has notified authorities about a network file exposure on its internal systems and data storage environment. Investigators determined that the suspicious activity discovered on December 11, 2024, allowed cybercriminals to access sensitive personal information. Since Kokomo24/7 is a vendor for the Los Angeles Unified […]
As reported by Mid-Hudson News: The company that administers employee healthcare benefits for Ulster County government employees has been hit with a data breach and the workers were only recently notified of the breach of Alera Group’s computer systems, which occurred in August 2024. Alera was unable to confirm the level of the breach until […]
Google’s Intelligence Threat Group (GITG) has been tracking various threat actor groups under tracking labels such as UNC 6040, UNC 6240, and UNC 3944. The first two overlap with threat actors known as ShinyHunters, while the third overlaps with Scattered Spider. The ShinyHunters group has been linked to attacks on customers of Salesforce. Google itself […]
