Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration. The post Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign appeared first on SecurityWeek.

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations. The post TransUnion Data Breach Impacts 4.4 Million appeared first on SecurityWeek.

State officials confirm ransomware forced office closures, disrupted services, and led to data theft, as Nevada works with CISA and law enforcement to restore critical systems. The post Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions appeared first on SecurityWeek.

US Treasury sanctions Russian and Chinese entities tied to North Korea’s use of fake IT workers, who exploited stolen identities, AI, and malware to funnel millions back to Pyongyang. The post US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers appeared first on SecurityWeek.

Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware. The post Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks appeared first on SecurityWeek.

I just heard about this: There’s a travel scam warning going around the internet right now: You should keep your baggage tags on your bags until you get home, then shred them, because scammers are using luggage tags to file fraudulent claims for missing baggage with the airline. First, theRead More »Baggage Tag Scam