Tootfinder

Palo Alto confirms Salesloft Drift Integration was used to compromise Salesforce instances
https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/

Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances
This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials.

If you are a Microsoft Entra ID shop, I highly recommend following this article’s advice on Conditional Access Policy implementation #cybersecurity
From: @…

Catalin Cimpanu (@campuscodi@mastodon.social)
Attached: 1 image PAN published TTPs from Muddled Libra (Scattered Spider) intrusions. Per the graph, they've certainly changed. This is because individuals who made up the Scattered Spider "group" back in 2023 have been arrested, and this is a new "batch" of APTeens. https://unit42.paloaltonetworks.com/muddled-libra/