Salesforce Data Breach Case Study: Lessons from the Salesloft & Drift Debacle

2025/09/11 23:01

An in-depth look at the 2025 Salesloft Drift data breach, exploring the vulnerabilities, impact, and key lessons for Salesforce users and the broader SaaS ecosystem.

In the ever-evolving landscape of cybersecurity, the 2025 Salesloft Drift data breaches stand as a stark reminder of the interconnected risks within the SaaS ecosystem. This case study delves into the incident, highlighting key vulnerabilities and offering insights for Salesforce users and organizations seeking to bolster their cyber resilience.

The Salesloft Drift Data Breach: A Perfect Storm

The Salesloft Drift breaches of August 2025 represent a significant supply chain attack in SaaS history. Threat actor UNC6395 exploited OAuth token vulnerabilities to access sensitive data from over 700 organizations, including major cybersecurity vendors like Cloudflare, Palo Alto Networks, and Zscaler. It all started with a compromised GitHub account.

GitHub Account Breach: The Starting Point

The attack began months before public disclosure, with UNC6395 gaining access to Salesloft's GitHub account in March 2025. This initial compromise, undetected for three months, allowed the attackers to conduct reconnaissance, download content, add guest users, and establish workflows for mass data exfiltration. This highlights the critical importance of securing code repositories and development infrastructure.

OAuth Token Theft: The Key to the Kingdom

The attackers then exploited Drift's Amazon Web Services (AWS) environment to obtain OAuth tokens for Drift customers’ technology integrations. These tokens, acting as digital keys, granted access to user data across platforms like Salesforce, Google Workspace, and other business applications. This is a classic supply chain vulnerability – compromising one service to gain access to many others.

Salesforce Instances Targeted

Between August 8 and 18, 2025, UNC6395 launched a systematic data exfiltration campaign targeting Salesforce instances connected through Drift integrations. The focus was on credential harvesting, aiming to enable secondary attacks and lateral movement across victim environments. This shows the long-term strategic thinking of sophisticated threat actors.

Key Takeaways and Mitigation Strategies

The Salesloft Drift breach exposes several interconnected security failures:

  • Inadequate Security Controls: The GitHub compromise points to weaknesses in securing code repositories and development infrastructure.
  • Credential Management Shortcomings: The ability to steal OAuth tokens from AWS environments indicates significant gaps in credential management.
  • Insufficient Oversight of Third-Party Integrations: Organizations lacked adequate monitoring and control over third-party integrations.
  • Detection and Response Deficiencies: The extended duration of malicious activity reveals deficiencies in detection and response capabilities.

Immediate Response Actions

  • Implement robust OAuth token security hardening measures.
  • Conduct thorough third-party integration reviews.
  • Enhance monitoring and detection capabilities.
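
As an added illustration of the monitoring and integration-review items above (not code from the original article or from any vendor), the sketch below flags the pattern this incident describes: an integration's token being used from infrastructure other than the integration's own, and unusually large reads. The app names, networks, row ceiling and event records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed policy: networks each integration is expected to call from
# (documentation-range addresses, hypothetical app names).
EXPECTED_NETS = {
    "chat-integration": [ip_network("198.51.100.0/24")],
    "billing-sync": [ip_network("203.0.113.0/24")],
}
ROW_LIMIT_PER_HOUR = 10_000  # assumed ceiling for normal hourly reads per app

# Constructed API-access events: (hour, app, source IP, rows returned)
EVENTS = [
    ("2025-08-08T09", "chat-integration", "198.51.100.7", 120),
    ("2025-08-08T10", "chat-integration", "198.51.100.7", 95),
    ("2025-08-09T02", "chat-integration", "192.0.2.44", 48_000),
    ("2025-08-09T03", "chat-integration", "192.0.2.44", 51_500),
    ("2025-08-09T03", "billing-sync", "203.0.113.20", 14_200),
    ("2025-08-09T04", "unknown-app", "192.0.2.90", 10),
]

def review(events, expected=EXPECTED_NETS, limit=ROW_LIMIT_PER_HOUR):
    """Return sorted (app, hour, reason) findings for integration token use."""
    findings = set()
    rows = defaultdict(int)
    for hour, app, src, n in events:
        rows[(app, hour)] += n  # aggregate read volume per app per hour
        nets = expected.get(app)
        if nets is None:
            # An integration nobody registered is a review gap in itself.
            findings.add((app, hour, "unregistered integration"))
        elif not any(ip_address(src) in net for net in nets):
            # A valid token presented from outside the vendor's networks.
            findings.add((app, hour, f"token used from unexpected source {src}"))
    for (app, hour), total in rows.items():
        if total > limit:
            findings.add((app, hour, f"bulk read of {total} rows"))
    return sorted(findings)

if __name__ == "__main__":
    for app, hour, reason in review(EVENTS):
        print(f"{hour}  {app:18} {reason}")
```

The source-network check and the volume check are independent on purpose: a stolen token replayed through the vendor's own environment would pass the first and only show up in the second.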

Strategic Security Improvements

  • Establish comprehensive supply chain risk management programs.
  • Implement a Zero Trust architecture.
  • Enhance development security practices.

The Big Picture: A Wake-Up Call for SaaS Security

The Salesloft Drift breach serves as a critical reminder of the evolving threat landscape and the importance of proactive security measures. As supply chain attacks become more sophisticated, organizations must prioritize comprehensive, integrated security programs that can adapt to dynamic cyber threats. The incident underscores how interconnected the SaaS world is, and how vulnerabilities in one area can quickly cascade into widespread problems.

Final Thoughts

So, what's the takeaway? This whole Salesforce data breach saga is a bit of a mess, right? But hey, on the bright side, it's a fantastic learning opportunity. Let's use this as a chance to tighten up our security game and keep those digital bandits at bay. After all, a little paranoia never hurt anyone in cybersecurity!

Original source: cybersecuritynews
