
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live! Stay tuned for our next session to be announced soon.
Episodes

Tuesday Sep 16, 2025
The Saga Continues: More Dirt on the Salesforce–Drift Breach
When we first covered the Salesforce–Drift breach, we knew it was bad. Now it’s clear the impact is even bigger. Hundreds of organizations — including Cloudflare, Palo Alto Networks, Zscaler, Proofpoint, Rubrik, and even financial firms like Wealthsimple — have confirmed they were affected. The root cause? A compromised GitHub account that opened the door to Drift’s AWS environment and gave attackers access to Salesforce and other cloud integrations.
In Part 2, Sherri Davidoff and Matt Durrin dig into the latest updates: what’s new in the investigation, why more victim disclosures are coming, and how the GitHub compromise ties into a wider trend of supply chain attacks like GhostAction. They also share practical advice for what to do if you’ve been impacted by Drift — or if you want to prepare for the next third-party SaaS compromise.
Tips for SaaS Incident Response:
- Treat this as an incident: don’t wait for vendor confirmation before acting. There may be delays in vendor disclosure, so act quickly.
- Notify your cyber insurance provider:
  - Provide notice as soon as possible.
  - Insurers may share early IOCs, coordinate with vendors, and advocate for your org alongside other affected clients.
  - They can also connect you with funded IR and legal resources.
- Engage external support:
  - Bring in your IR firm to investigate and document.
  - Work with legal counsel to determine if notification obligations are triggered.
- Revoke and rotate credentials:
  - Cycle API keys, OAuth tokens, and active sessions.
  - Rotate credentials for connected service accounts.
- Inventory your data:
  - Identify what sensitive Salesforce (or other SaaS) data is stored.
  - Check whether support tickets, logs, or credentials were included.
- Search for attacker activity:
  - Review advisories for malicious IPs, user agents, and behaviors.
  - Don’t rely solely on vendor-published IOCs — they may be incomplete.