Topic: security breach
-
Salesforce Reveals Gainsight Breach Details and Investigation Steps
Salesforce disclosed a security incident involving Gainsight applications, with unauthorized access likely starting on November 8 and suspicious activity detected from mid-November using IPs from VPNs, Tor, and AWS. Indicators of compromise include specific IP addresses and a suspicious User Agen...
Read More » -
State-Sponsored Hackers Breached SonicWall in September
State-sponsored hackers breached SonicWall's cloud environment in September, accessing firewall configuration backup files via an API call, but no products, firmware, or customer networks were compromised. The exposed backup files contained sensitive credentials, prompting SonicWall to advise aff...
Read More » -
SonicWall Firewall Backups Compromised by Attackers
SonicWall confirmed that attackers used brute-force methods to access its cloud backup API, compromising configuration backup files for all customers who used the service, contradicting earlier statements about a limited impact. The compromised files contain sensitive data like network settings, ...
Read More » -
SonicWall Urges Password Reset Following Security Breach
SonicWall has advised customers to reset passwords after detecting unauthorized access to firewall configuration backup files in some MySonicWall accounts, which contain sensitive data like credentials and tokens. The company confirmed this was not a ransomware attack but a series of targeted bru...
Read More » -
Google: Salesloft AI Agent Data Breach Escalates Significantly
Google has issued a critical alert warning that all security tokens for Salesloft Drift AI should be considered compromised due to unauthorized access via stolen credentials. The breach, initially thought to be limited to Salesforce integration, has expanded to include other services, prompting G...
Read More » -
US Nuclear Plant Hacked Through SharePoint Vulnerabilities
A foreign actor breached the Kansas City National Security Campus by exploiting unpatched Microsoft SharePoint vulnerabilities, revealing critical cybersecurity flaws in sensitive government infrastructure. The compromised facility, managed by Honeywell FM&T for the NNSA, produces essential non-n...
Read More » -
Zero Trust: Why It's a Journey, Not a Destination
Zero trust is a continuous process, not a one-time project, requiring ongoing adaptation due to evolving threats, changing technology, and organizational growth. Modern challenges like AI-powered attacks, supply chain vulnerabilities, and distributed infrastructure (cloud, IoT, microservices) com...
Read More »