Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 12-Sep-2025 08:31:06 JST Kevin Beaumont

   I’ll say the elephant in the room - due to the sheer amount of Salesforce customers who have been hit, and that Salesforce is a fully SaaS service - Salesforce should have detected and been more proactive about all of their customer’s data being stolen. https://databreaches.net/2025/09/11/exclusive-high-end-fashion-retailers-gucci-balenciaga-brion-and-alexander-mcqueen-hit-by-salesforce-attacks/

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 12-Sep-2025 08:31:04 JST Kevin Beaumont

     in reply to

     Snowflake did a really good job with their post incident review of the Snowflake Heist, where their SaaS service got pillaged.

     Out of it they tightened MFA enforcement, Oauth changes, proactive monitoring etc.

     Salesforce and Salesloft need to do the same. They also need better threat intel as the LAPSUS kids were quite openly talking about what they were doing.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 12-Sep-2025 08:34:08 JST Kevin Beaumont

     in reply to

     The Snowflake heist thread, for reference: https://cyberplace.social/@GossiTheDog/112536407633131499

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 12-Sep-2025 08:36:01 JST Kevin Beaumont

     in reply to

     Also, deleted all your data from SaaS platforms before you leave. https://infosec.exchange/@badsamurai/115188274209312838

   • Embed this notice
     Jake Hildreth (acorn) :blacker_heart_outline: (horse@infosec.exchange)'s status on Friday, 12-Sep-2025 09:23:42 JST Jake Hildreth (acorn) :blacker_heart_outline:

     in reply to

     • da_667
     • John Timaeus

     @johntimaeus @da_667 @GossiTheDog if you get hired at the right one, you can work at all three

   • Embed this notice
     da_667 (da_667@infosec.exchange)'s status on Friday, 12-Sep-2025 09:23:43 JST da_667

     in reply to

     @GossiTheDog also, they're hiring for security staff, and paying pretty well to boot. I know I saw at least one entry for a sr. security engineer in linkedin recently.

   • Embed this notice
     John Timaeus (johntimaeus@infosec.exchange)'s status on Friday, 12-Sep-2025 09:23:43 JST John Timaeus

     in reply to

     • da_667

     @da_667 @GossiTheDog

     Are the jobs at Salesforce, Snowflake, or LAPSUS?
     Asking for a friend.

   • Embed this notice
     John Timaeus (johntimaeus@infosec.exchange)'s status on Friday, 12-Sep-2025 09:24:10 JST John Timaeus

     in reply to

     • Jake Hildreth (acorn) :blacker_heart_outline:
     • da_667

     @horse @da_667 @GossiTheDog

     Like sub-contracting, only without the contract?

   • Embed this notice
     fuzzyfuzzyfungus (fuzzyfuzzyfungus@cyberplace.social)'s status on Friday, 12-Sep-2025 09:26:55 JST fuzzyfuzzyfungus

     in reply to

     @GossiTheDog It's minor compared to hospital ransomware and industrial disruption; but I have to wonder if someone is combing through those fashion brand sales data right now because that product category is basically ground zero for "I have disposable income that I may be spending on my not-spouse". It'd be a real pain vs. a single large payout from some sleazy IR bagman; but quite low risk and sophistication.