Tag: thirdpartyrisk
51 articles

ransomware attack: Stunning Risk to European Airports
ENISA says ransomware knocked out check‑in systems at major European airports, forcing staff to go manual and stranding travellers in long queues. The disruption highlights how legacy IT and weak vendor security can turn a cyberattack into a real‑world travel crisis.

supply chain attack: Stunning, Risky Threat to Passengers
LNER has confirmed a supply-chain attack on a third-party supplier exposed some customers’ contact and journey details, and the company is notifying those affected and offering support. If trusted partners can become breach points, passengers are rightly asking who’s protecting their privacy.

ransomware attack Devastating Threat to Brazilian Health
A ransomware attack by KillSec on Brazilian health‑care vendor MedicSolution has disrupted appointments, billing and medical records across multiple clinics, creating delays that could harm patients and strain clinicians. It’s a wake‑up call that hospitals and small clinics need stronger vendor security, backups and coordinated incident response to prevent repeat outages.

Salesloft GitHub repository Massive Risky Breach
A March compromise of a Salesloft GitHub repo was used to pivot into Drift, touching hundreds of companies — including Google, Palo Alto Networks and Cloudflare — and exposing how fragile software supply chains and leaked tokens can be. Now’s the time to assume compromise: scan repos for secrets, rotate credentials, lock down permissions, and demand better transparency from your vendors.

Salesloft and Drift Risky Breach: Must-Have Defenses
When attackers siphoned customer data from Salesloft and Drift this week and impacted security names like Qualys and Tenable, it became painfully clear that your defenses are only as strong as the third‑party tools your team uses. Now’s the time to tighten API tokens, enforce MFA, and treat vendor risk as a core part of your security posture before contact lists become high‑value phishing and BEC fodder.

data breach: Stunning Critical Alert for 31,000
A South Carolina school district just confirmed a data breach exposing personal information for about 31,000 students, staff and families—now the community needs quick containment, clear communication and stronger safeguards. Parents should monitor accounts, use any offered identity protection, and press for transparent answers while the district upgrades its cybersecurity.

third-party vendors Risky Exposure: Must-Have Safeguards
A breach of school software isn’t just an IT problem — the Intradev attack that hit Affinity Learning Partnership shows how one supplier failure can expose staff and pupil data, disrupt operations and threaten safeguarding across many schools. Trusts need stronger vendor security and incident plans, and staff should update reused passwords and enable MFA to reduce the impact.

insider breaches: Must-Have Best Protection Guide
Insider breaches are alarmingly common—61% of U.S. companies hit with average losses of $2.7M—so it’s time to stop treating them as fringe risks and adopt practical, people-centered defenses like least privilege, strong identity controls and behavioral monitoring.

Salesloft–Drift incident: Exclusive Risky Wake-Up Call
When a vendor like Salesloft or Drift is breached, even giants like Cloudflare can have customer data exposed — a stark reminder that trusted integrations can become attack paths. Now’s the time to audit third‑party access, rotate tokens, and tighten least‑privilege controls before the next ripple causes real harm.

steal $130 million: Stunning Risky Heist Exposed
Sinqia, one of Brazil’s largest fintech providers, says it stopped an attempt to steal about $130 million from two B2B partners. The near‑heist shows how vulnerable software‑based vaults can be and why hardening third‑party financial systems is urgent.

OAuth token theft: Must-Have Fixes After Risky Breach
When OAuth token theft let attackers roam across integrations, Salesloft temporarily pulled Drift offline to stop the bleeding and fully review security. It’s a wake-up call: short-lived tokens, tighter scopes and rapid rotation are essential to keep integrations—and customer data—safe.

Salesloft/Drift incident: Exclusive Risky Security Wake-Up
Cloudflare confirmed some customer data was exposed after the Salesloft/Drift breach, but key details and the full scope remain unclear — a stark reminder that third‑party compromises can ripple across the cloud ecosystem. Customers should watch for updates and take simple precautions now, like rotating credentials and enabling MFA, while investigations continue.

Salesloft–Drift compromise: Devastating Risk Alert
Trust in the tools that run our businesses can break fast — Zscaler says some customer data was exposed in the Salesloft–Drift supply‑chain attack on Salesforce integrations, a reminder that one upstream breach can ripple across entire enterprise stacks.

OAuth tokens: Must-Have Fixes to Stop Risky Leaks
Palo Alto Networks says some commercially sensitive customer data may have been exposed after attackers used OAuth tokens stolen from the Salesloft Drift breach to access its Salesforce—proof that handy integrations can let a single vendor compromise cascade across your business. Now’s the time to audit connected apps, tighten token lifecycles, and treat integrations as continuously verified trust relationships, not set‑and‑forget conveniences.

Zscaler customer information: Exclusive Risky Breach
Last week’s Salesloft–Salesforce supply‑chain breach that exposed Zscaler customer data is a wake‑up call: attackers are increasingly moving laterally through trusted cloud integrations to harvest high‑value corporate data. Now is the time to map dependencies, tighten access, and embrace zero‑trust before the next incident.

authentication tokens Risky Fallout: Stunning Wake-Up
When Salesloft’s stolen authentication tokens turned into a supply‑chain free‑for‑all, hundreds of companies woke up to the scary truth that machine identities are as precious as passwords. Now’s the time to rotate keys, audit integrations, and rethink how we trust the apps that sit between our teams and their data.

data breach: Stunning Risky Leak Hits 4.5M
TransUnion says a vendor’s hacked app exposed data for about 4.5 million U.S. consumers — a stark reminder that third-party flaws can put your most sensitive financial information at risk. If you’re affected, check your credit, consider freezes or alerts, and watch for notifications about monitoring and identity restoration.

unprepared for a cyberattack: Must-Have Risky Wake-Up Call
58% of organizations say they’re not ready for a cyberattack—putting customer data, operations, and reputations at risk. Boards and security teams must act now with better detection, practiced response plans, and investments in people.

Salt Typhoon Stunning Risks to Global Security
When commercial cloud and hosting services start looking like spy tools, who do you trust—and how do you protect yourself? Recent attributions tie parts of China’s tech ecosystem to the “Salt Typhoon” campaigns, showing how misconfigured or abused legitimate services can quietly power large-scale espionage and why stronger transparency, vetting and cross-border cooperation are urgently needed.

OAuth tokens Risky: Stunning CRM Data Breach Alert
Google says attackers stole OAuth tokens from Salesloft’s Drift app to siphon Salesforce CRM records, leaving customers scrambling as missing or altered data disrupts sales operations. It’s a sharp reminder that convenient third‑party integrations can become powerful attack vectors unless tokens, permissions and vendor vetting are tightly managed.

credential-theft campaign: Exclusive Salesforce Risk
Google warns of a credential-theft campaign that abused a Salesloft integration to phish Salesforce logins — a wake-up call that third-party apps can be your weakest link. Audit connected apps, enforce MFA, and tighten permissions now before attackers pivot from integrations into your CRM.

Electronics supply chains Must-Have Shield: Best Defense
When a specialist like Data I/O is knocked offline by ransomware, production lines and device launches can grind to a halt—reminding tech companies to tighten supplier security, demand transparency, and build redundancy before the next outage.

CRM platform Risky Breach: Stunning Contact Exposure
Workday says its core systems were untouched, but a third-party CRM was breached — exposing business contacts that could fuel phishing, BEC and credential-stuffing attacks. Treat contact data as compromised: tighten MFA, audit integrations, and warn teams to watch for targeted social engineering.

Workday CRM breach: Stunning Critical Risk Revealed
Workday says attackers accessed vendor-run CRM tools that support its customers, potentially exposing contact and support data — a stark reminder that even trusted platforms can be vulnerable through third-party integrations. If you use Workday, assume elevated risk, tighten vendor controls, and watch for suspicious communications while the investigation continues.