Recent searches

No recent searches

Search options

Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.6K
active users

fosstodon.org: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.3

#salesforce

30 posts26 participants3 posts today
teufelswerk<p>Die gestohlene Daten der US-amerikanische Tochtergesellschaft der Allianz SE wurden jetzt von den Hackern veröffentlicht. Sie haben 2,8 Millionen Datensätze mit sensiblen Informationen über Geschäftspartner und Kunden im Rahmen anhaltender Salesforce-Datendiebstahlangriffe offengelegt.<br>Am 26.07.2025 hatte Allianz Life bekannt gegeben, dass "nur" 1,4 Mio. Kundendatensätze erbeutet wurden. Mehr dazu in unserem Beitrag, inkl. eines kritischen Blicks auf den Vorfall 👇 </p><p><a href="https://teufelswerk.net/wenn-vertrauen-ins-wanken-geraet-allianz-life-und-der-grosse-datenklau" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">teufelswerk.net/wenn-vertrauen</span><span class="invisible">-ins-wanken-geraet-allianz-life-und-der-grosse-datenklau</span></a></p><p><a href="https://social.tchncs.de/tags/allianz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>allianz</span></a> <a href="https://social.tchncs.de/tags/allianzlife" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>allianzlife</span></a> <a href="https://social.tchncs.de/tags/datenklau" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>datenklau</span></a> <a href="https://social.tchncs.de/tags/salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>salesforce</span></a> <a href="https://social.tchncs.de/tags/crm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crm</span></a> <a href="https://social.tchncs.de/tags/cybercrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybercrime</span></a> <a href="https://social.tchncs.de/tags/shinyhunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shinyhunters</span></a> <a href="https://social.tchncs.de/tags/scatteredspider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>scatteredspider</span></a> <a href="https://social.tchncs.de/tags/sicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sicherheit</span></a> <a href="https://social.tchncs.de/tags/datensicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>datensicherheit</span></a> <a href="https://social.tchncs.de/tags/itsicherheitsvorfall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsicherheitsvorfall</span></a> <a href="https://social.tchncs.de/tags/itsicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>itsicherheit</span></a> <a href="https://social.tchncs.de/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
securityaffairs<p>Hackers leak 2.8M sensitive records from <a href="https://infosec.exchange/tags/Allianz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allianz</span></a> <a href="https://infosec.exchange/tags/Life" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Life</span></a> in <a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Salesforce</span></a> data breach<br><a href="https://securityaffairs.com/181093/data-breach/hackers-leak-2-8m-sensitive-records-from-allianz-life-in-salesforce-data-breach.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/181093/dat</span><span class="invisible">a-breach/hackers-leak-2-8m-sensitive-records-from-allianz-life-in-salesforce-data-breach.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p>
Abraham Samma🔬🔭👨‍💻<p>Ironic that Google's recent data exfiltration incident was facilitated by an insecure Salesforce instance. Remind me again why we use Salesforce? <a href="https://toolsforthought.social/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a> <a href="https://toolsforthought.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://toolsforthought.social/tags/salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>salesforce</span></a></p>
Chris Smart<p>Latest Pivot to <a href="https://mastodon.radio/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.radio/tags/Youtube" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Youtube</span></a> <a href="https://mastodon.radio/tags/Video" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Video</span></a>:<br>Prompt-inject <a href="https://mastodon.radio/tags/Copilot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Copilot</span></a> Studio via email: grab <a href="https://mastodon.radio/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Salesforce</span></a><br><a href="https://www.youtube.com/watch?v=jH0Ix-Rz9ko" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=jH0Ix-Rz9ko</span><span class="invisible"></span></a><br><a href="https://mastodon.radio/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.radio/tags/chatbots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chatbots</span></a> <a href="https://mastodon.radio/tags/agentic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>agentic</span></a> <a href="https://mastodon.radio/tags/llm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>llm</span></a> <a href="https://mastodon.radio/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PromptInjection</span></a></p>
Andy Engin Utkan<p><strong>Why Is Everyone Talking About Salesforce Flow Approvals?</strong></p><p>In the Spring ’25 release, Salesforce introduced Flow Approvals to replace the legacy approval processes. This approval platform was based on the orchestration functionality. I recorded and released two videos and posts to share this functionality on Salesforce Break. The videos saw great interest from the community, they are about to reach 20K views soon. So, why is everyone talking about flow approvals?</p><p>There are multiple reasons:</p><ol><li>Flow approvals are orchestration-based, but they are entirely free unlike other orchestrations.</li><li>Legacy approvals are really old. Salesforce has not been investing in them. They are past due for a remake.</li><li>Legacy approvals are limited. To enhance the functionality, clients had to use AppExchange solutions or paid alternatives by Salesforce like advanced approvals for CPQ.</li><li>Flow approvals allow for parallel approvals, dynamic steps, and flexibility in the approval process.</li></ol><p>This is why I decided to create more content in this area, starting with:</p><ol><li>A live course that teaches Flow Approval processes in depth, with hands-on practice. See the details <a href="https://flow-canvas.com/salesforce-flow-approvals-crash-course/" rel="nofollow noopener" target="_blank">here</a>, and reach out if you’re interested.</li><li>Additional resources focused on solutions that bridge the gaps between Flow Approvals and Legacy Approvals, addressing the limitations of the new platform.</li></ol><p>Here is the first post detailing a solution filling one of the gaps.</p><p><strong>Flow Approvals Don’t Provide Sufficient Detail In The Related Lists</strong></p><p>Here is the first point I would like to address: Flow approvals don’t provide good detailed information in the related lists of the object record like the legacy approvals did.</p><p><strong>Solution:</strong> Build a screen flow with reactive data tables to show the approval submission records and their related records. Add the screen flow to a tab on the record page.</p><p>Salesforce provided a component that can be added to the record page. It is called the Approval Trace component. This provides some information about the approval process, but is not customizable. I asked myself how I can go beyond that, and decided to build a reactive screen flow with data tables to fill this functionality gap. Here is what the output looks like:</p><p><em></em></p><p>To build and deploy this flow, you need to follow these steps:</p><ol><li>Build the screen flow.</li><li>Build the autolaunched flow that will fetch the data you will need. This flow will be used as the screen action in step one.</li><li>After testing and activation, add the screen flow to the record page.</li></ol><p>If you have never built a screen flow with screen actions before, let me be the first one to tell you that step one and two are not really completed in sequence. You go back and forth building these two flows.</p><p>Let’s get started.</p><p><strong>Build the Flow Approval Submission Screen Flow</strong></p><p>What I usually do, when building these flows is that I first get the screen flow started. Then I build the autolaunched flow, and go back to the screen flow to build out the rest of the functionality. The reason is that the screen flow data tables will need the outputs from the autolaunched flow to be fully configured.</p><p>This is what the screen flow looks like, once it is completed.</p><p>For now, you can just ignore the loop section. This is there to ensure that there is a default selection for the first data table, when the flow first runs.</p><p>This is the structure of the flow excluding that part:</p><ol><li>Get all approval submission records for the recordId that will be provided as input into the flow.</li><li>Check if there are approval submissions found.</li><li>Display a screen saying “no records were found,” if the get returns null.</li><li>Display a reactive screen mainly consisting of three data tables with conditional visibility calling an autolaunched flow as a screen action.</li></ol><p>Here is what this screen looks like:</p><p></p><p>After you build, test, and activate the autolaunched flow, configure the screen action under the screen properties as shown below.</p><p></p><p><strong>How the Loop Section Works</strong></p><p>The first data table has an input parameter that determines the default selection, when the flow first runs. This is a record variable representing one of the members of the collection record variable that supplies the data. You need to loop the collection of records to get to the record variable. Follow these steps:</p><ol><li>Loop the collection record variable which is the output of your get step. Sort the data by last modified date in your get step.</li><li>Assign the first member to a record variable.</li><li>Exit the loop without condition. Connect the path to the next element outside the loop.</li><li>Add the resulting record variable to the default selection parameter under the configure rows section of your data table.</li></ol><p>This loop always runs once, setting the default selection to the most recent approval submission. This populates the related data tables when the flow first runs.</p><p><strong>Build the Screen Action Autolaunched Flow for Related Lists</strong></p><p>The autolaunched flow receives a single approval submission recordId as input. Then it gets the related records and data the screen flow needs, and returns the data as output.</p><p>Here is a screenshot of the autolaunched flow.</p><p></p><p>This flow executes the following steps:</p><ol><li>Gets the approval submission data.</li><li>Gets the user data for the submitter to resolve the full name.</li><li>Gets approval work items.</li><li>Checks null and sets a boolean (checkbox) variable when the get returns null. The output uses this variable to control conditional visibility of the relevant data table. If found this method yields the best results.</li><li>Get approval submission details.</li><li>Checks null and sets a boolean variable when the get returns null. This variable is then used in the output to drive conditional visibility of the relevant data table.</li><li>Assigns the get results to output collection record variables.</li></ol><p><strong>Final Deployment Steps</strong></p><p>After testing and activating the autolaunched flow, you need to add the flow to the screen flow as the screen action. The flow input will be fed from the selection of the first data table. You will see that this step will make all the outputs of the autolaunched flow available for the screen flow. Using these outputs build the additional two data tables and configure the conditional visibility.</p><p>After testing and activating your screen flow, add the flow to the record page on a dedicated new tab (or to a section on an existing tab). Select the checkbox to pass the recordId to the flow. Note that this flow will work with any record for any object.</p><p><strong><span>Limitations and Suggested Improvements</span></strong></p><p>While this screen flow provides a lot of detail and customization options it has two limitations:</p><ol><li>By default, the data table does not resolve and display record names in lookup fields when you add these fields as columns. To address this, I added the submitter’s full name in a read-only text field for display on the screen. Workaround: Create formula fields on the object and display those in the data table.</li><li>The data tables do not provide a clickable link. Combined with the limitation above, you can create a formula field on the object to address both of these gaps: show the record name and make it a clickable link. Here is the formula example you need for this (shout out goes to <a href="https://www.linkedin.com/in/bradleyrweller/" rel="nofollow noopener" target="_blank">Brad Weller</a> for his contribution): <code>HYPERLINK("/" &amp; Id, Name, '_self')</code></li></ol><p>While I wanted to make these additions to these flows, I did not want to add custom fields to the objects. It should be your decision whether you want to do that or not.</p><p><strong>Install the Package to Your Dev Org</strong></p><p>Here is the second generation unprotected package for these two flows that you can install in your Dev Org:</p><p><a href="https://login.salesforce.com/packaging/installPackage.apexp?p0=04tWs000000ZlQfIAK" rel="nofollow noopener" target="_blank">Install the Unprotected 2GP</a></p><p>For a more visual walk through of how these flows are built, watch the Salesforce Break YouTube video below.</p><p></p><p>With Salesforce phasing out legacy approvals, mastering Flow Approvals is essential to keep your org’s processes modern, flexible, and future-ready. Gain the confidence to handle any approval challenge with solutions that work seamlessly in real-world Salesforce environments <a href="https://flow-canvas.com/salesforce-flow-approvals-crash-course/" rel="nofollow noopener" target="_blank">HERE</a>.</p><p>Explore related content:</p><p><a href="https://salesforcebreak.com/2025/02/12/approval-salesforce-flow-approval-process/" rel="nofollow noopener" target="_blank">Supercharge Your Approvals with Salesforce Flow Approval Processes</a></p><p class=""><a href="https://salesforcebreak.com/2025/07/30/dmls-have-criteria-conditions-other-than-id/" rel="nofollow noopener" target="_blank">When Your DMLs Have Criteria Conditions Other Than Id</a></p><p><a href="https://salesforcebreak.com/2025/03/18/start-autolaunched-flow-approvals-from-a-button/" rel="nofollow noopener" target="_blank">Start Autolaunched Flow Approvals From A Button</a></p><p><a href="https://salesforcebreak.com/2025/05/17/time-data-type-flow/" rel="nofollow noopener" target="_blank">Get Ready for the New Time Data Type – Summer ‘25 Flow Goodness</a></p><p><a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/autolaunched-flow/" target="_blank">#AutolaunchedFlow</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/flow-approvals/" target="_blank">#FlowApprovals</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/flow-builder/" target="_blank">#FlowBuilder</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/salesforce/" target="_blank">#Salesforce</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/salesforce-admins/" target="_blank">#SalesforceAdmins</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/salesforce-developers/" target="_blank">#SalesforceDevelopers</a> <a rel="nofollow noopener" class="hashtag u-tag u-category" href="https://salesforcebreak.com/tag/salesforce-tutorials/" target="_blank">#SalesforceTutorials</a></p>
Opalsec :verified:<p>I find the ShinyHunters (UNC6040/UNC6240) Salesforce Campaign really interesting, because it highlights the impact of two key threat vectors/types that - in my conversations , at least - aren't being accounted for by traditional TI teams.</p><p>1. Data Theft &amp; Extorsion Actors<br>2. Actors capitalising on 3rd Party Platform Applications</p><p>Curious to know - do your orgs track and threat model opportunistic Data Theft and Extorsion Actors, or just focus on the APTs and ransomware groups of the world?</p><p>The largest ransom payment in history was $75 million to the Dark Angels Ransomware group in 2024, purportedly by pharma giant Cencora. With 27TB of corporate data stolen from the org and no mention of ransomware being deployed, the eye-watering payment was to prevent leaking/sale of the stolen data which included customer "names, addresses, dates of birth, diagnoses, prescriptions and medications."</p><p><a href="https://www.bloomberg.com/news/articles/2024-09-18/gang-got-75-million-for-cencora-hack-in-largest-known-ransom" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bloomberg.com/news/articles/20</span><span class="invisible">24-09-18/gang-got-75-million-for-cencora-hack-in-largest-known-ransom</span></a></p><p>The group weren't well known prior to the attack, and the absence of ransomware being deployed highlights the need to prioritise the identification and protection of sensitive data and customer PII - agnostic of whatever group might seek to target it.</p><p>Also, we're all aware of Malicious OAuth applications in o365, but are your orgs aware of; monitoring, and locking down 3rd party platform integrations?</p><p>For those unaware of the campaign, here's the AI-generated TLDR of a Google report in the activity: <a href="Https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible"></span><span class="ellipsis">Https://cloud.google.com/blog/</span><span class="invisible">topics/threat-intelligence/voice-phishing-data-extortion</span></a></p><p>Threat Summary: UNC6040/ShinyHunters Voice Phishing and Data Extortion Campaign</p><p>Key Points &amp; Technical Summary:</p><p>A financially motivated threat cluster, tracked by Google as UNC6040, has been conducting a widespread campaign targeting organizations' Salesforce CRM instances. The campaign's primary objective is large-scale data theft for the purpose of extortion, which is carried out by a related cluster, UNC6240. This group often uses the moniker ShinyHunters in their communications with victims.</p><p>The core of the attack vector is a sophisticated voice phishing (vishing) campaign. The threat actors impersonate corporate IT support personnel in phone calls to employees of the targeted organization. </p><p>The primary technical steps of the attack are as follows:<br> * Social Engineering: The actor guides the targeted employee to Salesforce's connected app setup page.<br> * Malicious App Authorization: The employee is convinced to authorize a malicious version of the "Data Loader" application. This is done by having the employee enter a connection code provided by the attacker, which links the attacker-controlled application to the victim's Salesforce environment.<br> * Data Exfiltration: Once the malicious app is authorized, UNC6040 gains significant API access, allowing them to query and exfiltrate sensitive data from the Salesforce instance. While initially leveraging modified versions of the Salesforce Data Loader, the group has evolved its tooling to include custom Python-based scripts for data extraction.<br> * Anonymization: The attackers utilize services like Mullvad VPN and TOR exit nodes to initiate the vishing calls and for data exfiltration, complicating attribution and tracking efforts.<br> * Extortion: Following the data theft, UNC6240 initiates contact with the victim organization, demanding a ransom payment in Bitcoin, typically within a 72-hour timeframe, to prevent the public release of the stolen data. The group is also reportedly preparing to launch a dedicated data leak site to increase pressure on victims.</p><p>Additional Context &amp; Related Activity</p><p>Activity Cluster:</p><p>The activity is attributed to the cluster pair UNC6040 (initial access and data theft) and UNC6240 (extortion). This group leverages the reputation of the well-known ShinyHunters extortion group to intimidate victims. The cluster is financially motivated and has demonstrated a growing sophistication in its social engineering tactics and technical tooling.</p><p>Other Compromises &amp; Targets:</p><p>This campaign has impacted numerous high-profile organizations across various sectors. Besides Google, other publicly confirmed victims of this campaign include:<br> * Cisco<br> * Chanel<br> * Adidas</p><p>The targeting appears to be opportunistic, focusing on multinational corporations that are heavy users of Salesforce CRM. There has been an initial focus on English-speaking employees.</p><p>Techniques &amp; TTPs:</p><p>Beyond the core vishing-to-malicious-app-authorization chain, other observed Tactics, Techniques, and Procedures (TTPs) include:<br> * Credential Targeting: In some cases, the actors have targeted Okta credentials, likely obtained through prior infostealer malware infections or separate phishing campaigns.<br> * Lateral Movement: Using compromised credentials, the actors have been observed moving laterally within victim networks to access and exfiltrate data from other systems, including Microsoft 365.<br> * Reconnaissance: The group conducts thorough reconnaissance to craft convincing narratives, identifying internal application names and IT support procedures to make their vishing calls more credible.</p><p>Timeline:<br> * June 4, 2025: Google's Threat Intelligence Group (GTIG) first publishes a warning about the rise in vishing and extortion activity targeting Salesforce customers, designating the threat actor as UNC6040.<br> * June 2025: Google becomes a victim of the same campaign, with one of its own corporate Salesforce instances being breached. The compromised data was related to small and medium-sized business contacts.<br> * July 24, 2025: Cisco identifies a similar breach of its CRM system resulting from a vishing attack.<br> * Early August 2025: Google, Cisco, and other victims publicly disclose the breaches. Google updates its original blog post to include the fact that it was also a victim. Extortion demands from UNC6240/ShinyHunters follow these disclosures.</p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShinyHunters</span></a> <a href="https://infosec.exchange/tags/DataExtortion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataExtortion</span></a> <a href="https://infosec.exchange/tags/SalesforceSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SalesforceSecurity</span></a> <a href="https://infosec.exchange/tags/Vishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vishing</span></a> <a href="https://infosec.exchange/tags/ThirdPartyRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThirdPartyRisk</span></a> <a href="https://infosec.exchange/tags/ThreatModeling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatModeling</span></a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IncidentResponse</span></a> <a href="https://infosec.exchange/tags/UNC6040" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC6040</span></a> <a href="https://infosec.exchange/tags/UNC6240" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UNC6240</span></a> <a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ransomware</span></a> <a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Salesforce</span></a> <a href="https://infosec.exchange/tags/InformationSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InformationSecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersec</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a><br><a href="https://infosec.exchange/tags/Cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cisco</span></a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a></p>
Dissent Doe :cupofcoffee:<p>And poof! They're gone. </p><p>The Telegram channel for ScatteredSpider Lapsus$ Sp1d3rhunters is gone. </p><p>But there is nothing in its place that says it was removed for violating Telegram's Terms of Service, so it may be that they removed it themselves. (Updating: Scattered Spider says it was banned).</p><p>A second related account is also suddenly deleted. Their discussion channel is still there at this time.</p><p>Reorganizing? Maybe. We'll see. </p><p><a href="https://infosec.exchange/tags/ShinyHunters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShinyHunters</span></a> <a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ScatteredSpider</span></a> <a href="https://infosec.exchange/tags/lapsus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lapsus</span></a> <br><a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Salesforce</span></a> <a href="https://infosec.exchange/tags/Snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Snowflake</span></a> <a href="https://infosec.exchange/tags/hack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hack</span></a> <a href="https://infosec.exchange/tags/extortion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>extortion</span></a></p>
securityaffairs<p><a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Google</span></a> confirms <a href="https://infosec.exchange/tags/Salesforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Salesforce</span></a> CRM breach, faces extortion threat<br><a href="https://securityaffairs.com/181017/data-breach/google-confirms-salesforce-crm-breach-faces-extortion-threat.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/181017/dat</span><span class="invisible">a-breach/google-confirms-salesforce-crm-breach-faces-extortion-threat.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p>
ResearchBuzz: Firehose

Ars Technica: Google discovered a new scam—and also fell victim to it. “In June, Google said it unearthed a campaign that was mass-compromising accounts belonging to customers of Salesforce. The means: an attacker pretending to be someone in the customer’s IT department feigning some sort of problem that required immediate access to the account. Two months later, Google has disclosed that it, […]

https://rbfirehose.com/2025/08/09/ars-technica-google-discovered-a-new-scam-and-also-fell-victim-to-it/

ResearchBuzz: Firehose | Individual posts from ResearchBuzz · Ars Technica: Google discovered a new scam—and also fell victim to it | ResearchBuzz: Firehose
More from ResearchBuzz: Firehose
#cybersecurity#databreaches#enterprisecybersecurity
PrivacyDigest

#Google discovered a new #scam —and also fell victim to it

In June, Google said it unearthed a campaign that was mass-compromising accounts belonging to customers of #Salesforce. The means: an attacker pretending to be someone in the customer's IT department feigning some sort of problem that required immediate access to the account. Two months later, Google has disclosed that it, too, was a victim.
#privacy

arstechnica.com/information-te

Ars Technica · Google discovered a new scam—and also fell victim to itBy Dan Goodin
*
Dissent Doe :cupofcoffee:

(exclusive):

ShinyHunters sent Google an extortion demand; Shiny comments on current activities

In a long chat yesterday, Shiny touched on Google, France, Australia and the Qantas injunction, and the NSA's alleged attempts at voice analysis:

databreaches.net/2025/08/08/sh

#ShinyHunters #ScatteredSpider #Salesforce #Google #LVMH #Qantas

@campuscodi @lawrenceabrams @zackwhittaker @euroinfosec @kevincollier

knoppix

Google confirms a data breach via its Salesforce system, attributing the attack to hacker group ShinyHunters 🛡️💥
Stolen info includes SMB contact details—no sensitive data reported.
Attackers used voice phishing to access cloud databases 🎯

Part of a wider pattern of Salesforce-targeted breaches.

@zackwhittaker
@Techcrunch@flipboard.com
@techcrunch@threads.net

techcrunch.com/2025/08/06/goog

TechCrunch · Google says hackers stole its customers' data by breaching its Salesforce database | TechCrunch
More from Zack Whittaker
#Google#CyberSecurity#DataBreach
TrendingLive feeds
About