News
Hi folks,
Good to be here again, thanks for having me and all that :-) Security news time!
Salesforce-Salesloft Drift integration compromised en masse.
Read the article (cyberscoop.com)
If you use Salesforce where you work, definitely check whether you also use Salesloft Drift. I'm not too familiar with the Salesforce ecosystem, but it seems that many companies were impacted, including TransUnion with 4.4 million impacted people and some Google Workspace accounts.
Attackers stole OAuth tokens for Salesloft Drift's AI chat integration with Salesforce, and used those to get access to the actual Salesforce instances, where they executed queries against Salesforce objects, including the Cases, Accounts, Users, and Opportunities tables. Drift Email integrations were also compromised.
Google explicitly advises organizations to "treat every authentication token stored in or connected to the platform as compromised". Salesloft and Salesforce also revoked all Drift-related tokens and removed the app from Salesforce’s AppExchange while investigating further.
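Since every Drift token is to be treated as compromised, the practical follow-up is to check what the Drift connected app actually did in your instance before and after revocation. Below is an added Python example (mine, not from the article or from Salesforce) that runs a small hunt over a constructed, simplified export of API query events; the column layout, the app name, the user and the revocation date are all assumptions, not the real event-monitoring schema.

```python
import csv
import io
import re
from datetime import datetime, timezone

# Constructed sample export (hypothetical columns, not the real Salesforce
# EventLogFile schema): timestamp, connected app, user, SOQL text.
SAMPLE_EVENTS = """timestamp,connected_app,user,soql
2025-08-10T09:14:02Z,Salesloft Drift,integration@example.com,"SELECT Id FROM Contact WHERE LastModifiedDate > 2025-08-09"
2025-08-15T03:02:11Z,Salesloft Drift,integration@example.com,"SELECT Id, Subject, Description FROM Case"
2025-08-15T03:05:40Z,Salesloft Drift,integration@example.com,"SELECT Username, Email FROM User"
2025-08-16T11:20:00Z,Internal Reporting,analyst@example.com,"SELECT Name, Amount FROM Opportunity"
2025-08-21T22:41:07Z,Salesloft Drift,integration@example.com,"SELECT Name, Industry FROM Account"
"""

# Objects the incident write-up names as queried by the attackers.
SENSITIVE_OBJECTS = {"Case", "Account", "User", "Opportunity"}
# Placeholder: the moment the Drift tokens were revoked in your org.
REVOCATION_TIME = datetime(2025, 8, 20, tzinfo=timezone.utc)


def objects_in_soql(soql):
    """Return the set of object names referenced after FROM in a SOQL statement."""
    return set(re.findall(r"\bFROM\s+([A-Za-z_]\w*)", soql, flags=re.IGNORECASE))


def hunt_drift_activity(event_csv, app_pattern="drift"):
    """Flag queries from a Drift-related connected app that touch sensitive
    objects, plus any use of that app's token after the revocation time.
    Returns a list of (timestamp, user, reason) tuples."""
    findings = []
    for row in csv.DictReader(io.StringIO(event_csv)):
        if app_pattern not in row["connected_app"].lower():
            continue  # only the integration under investigation
        ts = datetime.fromisoformat(row["timestamp"].replace("Z", "+00:00"))
        hit = objects_in_soql(row["soql"]) & SENSITIVE_OBJECTS
        reasons = []
        if hit:
            reasons.append("sensitive objects: " + ", ".join(sorted(hit)))
        if ts >= REVOCATION_TIME:
            reasons.append("token used after revocation")
        if reasons:
            findings.append((row["timestamp"], row["user"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for ts, user, why in hunt_drift_activity(SAMPLE_EVENTS):
        print(ts, user, why)
```

Any post-revocation hit means the revocation did not reach every token, so that row warrants its own investigation rather than just a data-exposure assessment.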
Malware devs abuse Anthropic’s Claude AI to build ransomware
Read the article (bleepingcomputer.com)
Anthropic shared a number of incidents where it caught its AI being used for malicious purposes. One of the cases describes someone essentially vibe-coding a ransomware strain and a ransomware-as-a-service module, relying on the AI to provide the more complicated and stealthier techniques. The results were then put up for sale on a hacker forum.
Another case describes using Claude to analyse data from ransomware attacks to help set a good number for a ransom demand, based on the company's financials that the AI analysed. In another case, someone asked the AI to help write "high emotional intelligence" replies for romance scams, and to help with translations.
Not super surprising, but interesting to see it all lined up like this. Anthropic banned the accounts and is tuning its filters to detect this earlier, but I'm sure it's a game of whack-a-mole.
Google previews cyber ‘disruption unit’ for US gov offensive actions
Read the article (cyberscoop.com)
This definitely raised my eyebrows. It's all a bit vague, but the gist of it seems to be that US private industry might offer offensive cybersecurity services to the US government.
There are a lot of opinions on this, and a lot of murky lines between "active defense" and "hacking back". Considering the current political climate though, I wouldn't be too surprised if this became a thing, similar to what China seems to be doing with their Salt Typhoon efforts.
Quick links
- Anthropic’s auto-clicking AI Chrome extension raises browser-hijacking concerns: link.
- CISA warns of actively exploited Git code execution flaw: link.
- Spanish government cancels €10m contract using Huawei equipment: link.
- Microsoft to enforce MFA for Azure resource management in October: link.
That was it for this week. Thank you for reading, and as always thanks to 1Password for being an awesome password manager and a wonderful sponsor.
Have a good week everyone!
Cheers,
Dieter