Salesforce Data Breach Case Study: Lessons from the Salesloft & Drift Debacle

2025/09/11 23:01

A deep dive into the 2025 Salesloft Drift data breach, exploring the vulnerabilities, impact and key lessons for Salesforce users and the wider SaaS ecosystem.

In the ever-evolving landscape of cybersecurity, the 2025 Salesloft Drift data breaches stand as a stark reminder of the interconnected risks within the SaaS ecosystem. This case study delves into the incident, highlighting key vulnerabilities and offering insights for Salesforce users and organizations seeking to bolster their cyber resilience.

The Salesloft Drift Data Breach: A Perfect Storm

The Salesloft Drift breaches of August 2025 represent a significant supply chain attack in SaaS history. Threat actor UNC6395 exploited OAuth token vulnerabilities to access sensitive data from over 700 organizations, including major cybersecurity vendors like Cloudflare, Palo Alto Networks, and Zscaler. It all started with a compromised GitHub account.

GitHub Account Breach: The Starting Point

The attack began months before public disclosure, with UNC6395 gaining access to Salesloft's GitHub account in March 2025. This initial compromise, undetected for three months, allowed the attackers to conduct reconnaissance, download content, add guest users, and establish workflows for mass data exfiltration. This highlights the critical importance of securing code repositories and development infrastructure.

OAuth Token Theft: The Key to the Kingdom

The attackers then exploited Drift's Amazon Web Services (AWS) environment to obtain OAuth tokens for Drift customers’ technology integrations. These tokens, acting as digital keys, granted access to user data across platforms like Salesforce, Google Workspace, and other business applications. This is a classic supply chain vulnerability – compromising one service to gain access to many others.

Salesforce Instances Targeted

Between August 8 and 18, 2025, UNC6395 launched a systematic data exfiltration campaign targeting Salesforce instances connected through Drift integrations. The focus was on credential harvesting, aiming to enable secondary attacks and lateral movement across victim environments. This shows the long-term strategic thinking of sophisticated threat actors.

Key Takeaways and Mitigation Strategies

The Salesloft Drift breach exposes several interconnected security failures:

  • Inadequate Security Controls: The GitHub compromise points to weaknesses in securing code repositories and development infrastructure.
  • Credential Management Shortcomings: The ability to steal OAuth tokens from AWS environments indicates significant gaps in credential management.
  • Insufficient Oversight of Third-Party Integrations: Organizations lacked adequate monitoring and control over third-party integrations.
  • Detection and Response Deficiencies: The extended duration of malicious activity reveals deficiencies in detection and response capabilities.

Immediate Response Actions

  • Implement robust OAuth token security hardening measures.
  • Conduct thorough third-party integration reviews.
  • Enhance monitoring and detection capabilities.
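
One way to act on the integration review and monitoring items above, as an added example that is not from the original article: a Python check that compares each integration's API activity with a reviewed baseline and flags token use from unexpected addresses, queries on unexpected objects, and bulk reads. The event schema, app names, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed per-integration baseline (hypothetical values): what the
# integration is expected to do, as agreed during a third-party review.
BASELINE = {
    "chat-integration": {
        "networks": [ip_network("198.51.100.0/24")],
        "objects": {"Lead", "Contact"},
        "max_rows_per_hour": 5000,
    },
}

# Constructed API events in a hypothetical, normalised schema:
# (hour bucket, connected app, source IP, object queried, rows returned)
EVENTS = [
    ("2025-01-01T09", "chat-integration", "198.51.100.17", "Lead", 120),
    ("2025-01-01T09", "chat-integration", "198.51.100.17", "Contact", 300),
    ("2025-01-01T10", "chat-integration", "203.0.113.44", "Case", 48000),
    ("2025-01-01T10", "chat-integration", "203.0.113.44", "User", 9000),
    ("2025-01-01T10", "unknown-app", "203.0.113.9", "Account", 10),
]

def review_integration_activity(events, baseline):
    """Return sorted (app, hour, reason) findings for activity outside baseline."""
    findings = set()
    rows = defaultdict(int)
    for hour, app, src, obj, n in events:
        profile = baseline.get(app)
        if profile is None:
            # An integration nobody reviewed is itself a finding.
            findings.add((app, hour, "no reviewed baseline for this integration"))
            continue
        if not any(ip_address(src) in net for net in profile["networks"]):
            findings.add((app, hour, f"token used from unexpected address {src}"))
        if obj not in profile["objects"]:
            findings.add((app, hour, f"query on unexpected object {obj}"))
        rows[(app, hour)] += n
    # Volume check per app and hour catches bulk reads spread over many calls.
    for (app, hour), total in rows.items():
        if total > baseline[app]["max_rows_per_hour"]:
            findings.add((app, hour, f"{total} rows returned exceeds hourly ceiling"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in review_integration_activity(EVENTS, BASELINE):
        print(*finding, sep=" | ")
```
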

Strategic Security Improvements

  • Establish comprehensive supply chain risk management programs.
  • Implement a Zero Trust architecture.
  • Enhance development security practices.

The Big Picture: A Wake-Up Call for SaaS Security

The Salesloft Drift breach serves as a critical reminder of the evolving threat landscape and the importance of proactive security measures. As supply chain attacks become more sophisticated, organizations must prioritize comprehensive, integrated security programs that can adapt to dynamic cyber threats. The incident underscores how interconnected the SaaS world is, and how vulnerabilities in one area can quickly cascade into widespread problems.

Final Thoughts

So, what's the takeaway? This whole Salesforce data breach saga is a bit of a mess, right? But hey, on the bright side, it's a fantastic learning opportunity. Let's use this as a chance to tighten up our security game and keep those digital bandits at bay. After all, a little paranoia never hurt anyone in cybersecurity!

Original source: cybersecuritynews
