Everest Ransomware Group Claims Theft of Over 1TB of Chrysler Data
On December 25, while much of the world was observing Christmas, the Everest ransomware group published a new…
Salesforce
Report Names Teen in Scattered LAPSUS$ Hunters, Group Denies
Scattered LAPSUS$ Hunters admin “Rey,” allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.
Gainsight breach: Salesforce details attack window, issues investigation guidance
The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack like…
ShinyHunters Breach Gainsight Apps on Salesforce, Claim Data from 1000 Firms
ShinyHunters breached Gainsight apps integrated with Salesforce, claiming access to data from 1000 firms using stolen credentials and compromised tokens.
Salesforce Gainsight compromise: Early findings and customer guidance
In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and refresh tokens associated with them, Gainsight has been doing a good job kee…
Salesforce alerts users to potential data exposure via Gainsight OAuth apps
Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customers’ Salesforce data. Salesforce warned of unusual activity involving Gainsight-linked OAuth apps, noting that threat actors may have used these integrations to gain unauthorized access to some customers’ Salesforce data. “Salesforce has identified unusual activity involving Gainsight-published applications connected […]
Salesforce Instances Hacked via Gainsight Integrations
The infamous ShinyHunters hackers have targeted customer-managed Gainsight-published applications to steal data from Salesforce instances.
The post Salesforce Instances Hacked via Gainsight Integrations appeared first on SecurityWeek.
Salesforce investigates new incident echoing Salesloft Drift compromise
In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may…
ShinyHunters Leak Alleged Data from Qantas, Vietnam Airlines and Other Major Firms
ShinyHunters and its affiliate hackers have leaked data from 6 firms, including Qantas and Vietnam Airlines, after claiming to breach 39 companies via a Salesforce vulnerability.
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.