"Pete Luban, Field CISO at AttackIQ, remarks, 'This most recent attack lines up with the recent uptick in activity seen from ShinyHunters, where 'breaking in' is often less about exotic malware and more about abusing the messy state of modern environments.'"
"'ShinyHunters keeps winning where identity, configuration, and third-party controls are treated like set-and-forget tasks. Organizations need to protect their environments with the understanding that modern attackers can use vulnerabilities in any part of a cybersecurity ecosystem to launch attacks and cause chaos.'"
"'Validating defenses against realistic abuse paths can help security teams identify where gaps in security lie, and patch them in order to prevent outsider access and data exfiltration, rather than just alerting after the fact.'"
"'This activity appears to be part of a broader issue involving a misconfiguration within Salesforce's environment that has impacted multiple organizations that work with Salesforce.'"
McGraw Hill reported a data breach associated with a misconfiguration in a Salesforce database. The cybercriminal group ShinyHunters claimed responsibility, stating they obtained 45 million records and threatened to release them unless their demands were met. Experts noted that ShinyHunters exploits vulnerabilities in modern environments, emphasizing the need for organizations to treat cybersecurity measures as active and ongoing. McGraw Hill has secured affected webpages and initiated an investigation, acknowledging that the misconfiguration has impacted multiple organizations using Salesforce.
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]