市值: $2.1463T 0.98%
體積(24小時): $77.1196B -17.44%
  • 市值: $2.1463T 0.98%
  • 體積(24小時): $77.1196B -17.44%
  • 恐懼與貪婪指數:
  • 市值: $2.1463T 0.98%
加密
主題
加密植物
資訊
加密術
影片
頭號新聞
加密
主題
加密植物
資訊
加密術
影片
bitcoin
bitcoin

$87959.907984 USD

1.34%

ethereum
ethereum

$2920.497338 USD

3.04%

tether
tether

$0.999775 USD

0.00%

xrp
xrp

$2.237324 USD

8.12%

bnb
bnb

$860.243768 USD

0.90%

solana
solana

$138.089498 USD

5.43%

usd-coin
usd-coin

$0.999807 USD

0.01%

tron
tron

$0.272801 USD

-1.53%

dogecoin
dogecoin

$0.150904 USD

2.96%

cardano
cardano

$0.421635 USD

1.97%

hyperliquid
hyperliquid

$32.152445 USD

2.23%

bitcoin-cash
bitcoin-cash

$533.301069 USD

-1.94%

chainlink
chainlink

$12.953417 USD

2.68%

unus-sed-leo
unus-sed-leo

$9.535951 USD

0.73%

zcash
zcash

$521.483386 USD

-2.87%

加密貨幣新聞文章

SalesLoft,Drift和Data Theft:喚醒雲安全性的喚醒電話

2025/09/02 02:40

針對Salesforce和Google Workspace的廣泛數據盜用廣告系列通過Salesloft的Drift應用程序揭示了相互聯繫的雲服務的漏洞。你能做什麼?

SalesLoft,Drift和Data Theft:喚醒雲安全性的喚醒電話

Hold on to your hats, folks! A recent security snafu involving Salesloft and Drift has the tech world buzzing. Turns out, a data theft campaign initially targeting Salesforce integrations has broader implications, potentially compromising Google Workspace accounts and other linked systems. It’s a wild ride, so buckle up!

抓住你的帽子,伙計們!涉及SalesLoft和Drift的最新安全性SNAFU引起了科技界的嗡嗡聲。事實證明,最初針對Salesforce集成的數據盜竊活動具有更廣泛的影響,可能損害Google Workspace帳戶和其他鏈接系統。這是一次瘋狂的旅程,所以搭扣了!

The Lowdown on the Salesloft/Drift Debacle

Salesloft/Drift崩潰的低點

Google's Threat Intelligence Group (GTIG) dropped a bombshell, warning of a large-scale data theft campaign by the criminal group UNC6395. Initially, the attacks appeared to affect Salesforce instances connected to Salesloft Drift. However, new analysis shows that other systems connected to Salesloft Drift are also at risk. All authentication tokens associated with the Drift platform must be considered compromised. Between August 8 and at least August 18, 2025, members of UNC6395 systematically copied large amounts of data from Salesforce instances of companies. To do so, they gained access using compromised OAuth tokens originating from the AI platform Salesloft Drift.

Google的威脅情報集團(GTIG)放棄了重磅炸彈,警告犯罪集團UNC6395的大規模數據盜用活動。最初,攻擊似乎會影響與SalesLoft Drift連接的Salesforce實例。但是,新的分析表明,與SalesLoft Drift連接的其他系統也處於危險之中。與漂移平台相關的所有身份驗證令牌必須被視為妥協。在2025年8月8日至8月18日之間,UNC6395的成員系統地從公司實例中復制了大量數據。為此,他們使用源自AI平台Salesloft Drift的受損的Oauth代幣獲得了訪問權限。

The Expanding Scope: It's Not Just Salesforce Anymore

擴大的範圍:不僅僅是Salesforce

What started as a targeted assault on Salesloft has ballooned into a widespread campaign, where hackers impersonated legitimate users to siphon data from third-party platforms. According to reports, the attackers used the stolen credentials to access not just CRM data but also email contents, expanding the scope beyond what was initially disclosed. The scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations.

最初是對SalesLoft有針對性的攻擊,已經激怒了廣泛的廣告系列,黑客將合法用戶冒充了來自第三方平台的siphon數據。據報導,攻擊者使用被盜的憑證不僅訪問CRM數據,還可以訪問電子郵件內容,從而將範圍擴展到了最初披露的範圍之外。此妥協的範圍並不是Salesforce與SalesLoft Drift的集成並影響其他集成的範圍。

How Did They Do It? OAuth Token Shenanigans

他們是怎麼做到的? Oauth令牌惡作劇

These threat actors stole OAuth tokens from Salesloft’s Drift, a tool used for sales engagement and customer relationship management. These tokens were then leveraged to infiltrate connected services, including Salesforce instances and, alarmingly, select Google Workspace email accounts. The attackers’ strategy involved compromising Salesloft’s Drift OAuth tokens, which granted them persistent access to integrated apps without needing direct passwords. This allowed unauthorized queries to Salesforce APIs and Workspace inboxes, potentially exposing customer records, emails, and proprietary information.

這些威脅參與者從Salesloft的Drift偷走了Oauth代幣,這是一種用於銷售參與和客戶關係管理的工具。然後將這些令牌利用為滲透連接的服務,包括Salesforce實例,並令人震驚地選擇Google Workspace電子郵件帳戶。攻擊者的策略涉及損害SalesLoft的Drift Oauth代幣,這使他們持續訪問集成應用程序而無需直接密碼。這允許未經授權的查詢來銷售Force API和Workspace收件箱,可能會揭示客戶記錄,電子郵件和專有信息。

The Aftermath: What’s Being Done?

後果:正在做什麼?

Google swiftly revoked all compromised tokens and disabled affected integrations, a move that Salesforce mirrored to contain the damage. Salesloft notified customers who manage their own Drift connections to third-party applications via API keys to revoke these keys and reconnect using new keys.

Google迅速撤銷了所有受損的令牌和殘疾人的積分,Salesforce鏡像以控制損壞的舉動。 SalesLoft通知客戶,他們通過API密鑰來管理自己的漂移連接到第三方應用程序,以撤銷這些鍵並使用新密鑰重新連接。

Lessons Learned: Time for a Security Overhaul

經驗教訓:進行安全大修的時間

This breach serves as a stark reminder of the perils in third-party integrations. OAuth tokens, while efficient, lack robust revocation mechanisms in many setups, allowing attackers to maintain access post-compromise. To mitigate future risks, experts recommend adopting zero-trust models that verify every access request, regardless of origin. Organizations should audit all connected apps and implement multi-factor authentication more stringently. Google’s advisory stresses treating all Salesloft-linked tokens as compromised and rotating them immediately.

這種違規行為明顯地提醒了第三方整合中的危險。 Oauth代幣雖然有效,但在許多設置中都缺乏強大的撤銷機制,從而使攻擊者能夠維持訪問後的副業。為了減輕未來的風險,專家建議採用零信任模型來驗證每個訪問請求,而不論其原點如何。組織應審核所有連接的應用程序,並更嚴格地實現多因素身份驗證。 Google的諮詢強調,將所有與SalesLoft連接的代幣視為妥協並立即旋轉。

My Two Cents

我的兩分錢

Let’s be real, this whole situation is a bit of a mess. The fact that a breach in one platform can cascade into others highlights the interconnectedness—and potential vulnerabilities—of modern cloud ecosystems. I think the industry needs to take a long, hard look at OAuth security and implement more robust safeguards. Otherwise, we’re just playing whack-a-mole with these breaches.

真實地說,整個情況有點混亂。一個平台中的漏洞可以級聯到其他平台中,這突出了現代云生態系統的相互聯繫以及潛在的脆弱性。我認為該行業需要對OAUTH安全進行漫長而艱苦的研究,並實施更強大的保障措施。否則,我們只是用這些漏洞打摩爾。

Wrapping Up: Stay Vigilant, Folks!

總結:保持警惕,伙計們!

So, there you have it. The Salesloft/Drift data theft campaign is a wake-up call for anyone relying on cloud integrations. Keep those security protocols tight, stay informed, and maybe double-check those third-party connections. After all, in the world of cybersecurity, paranoia is just good sense. Stay safe out there!

所以,你有。 SalesLoft/Drift Data That Fact活動是依靠雲集成的任何人的警鐘。保持這些安全協議緊密,了解這些第三方連接,並仔細檢查這些安全協議。畢竟,在網絡安全世界中,偏執狂只是很好的感覺。在那里安全!

原始來源:heise

免責聲明:info@kdj.com

所提供的資訊並非交易建議。 kDJ.com對任何基於本文提供的資訊進行的投資不承擔任何責任。加密貨幣波動性較大,建議您充分研究後謹慎投資!

如果您認為本網站使用的內容侵犯了您的版權,請立即聯絡我們(info@kdj.com),我們將及時刪除。

2026年07月04日 其他文章發表於