FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks https://lnkd.in/gfUAa6eT

The U.S. Federal Bureau of Investigation (FBI) has issued a flash alert to release indicators of compromise (IoCs) associated with two cybercriminal groups tracked as UNC6040 and UNC6395 for a string of data theft and extortion attacks. "Both groups have recently been observed targeting organizations' Salesforce platforms via different initial access mechanisms," the FBI said. UNC6395 is the threat group to which a widespread data theft campaign against Salesforce instances in August 2025, carried out by exploiting compromised OAuth tokens for the Salesloft Drift application, has been attributed. In an update issued this week, Salesloft said the attack was made possible by the breach of its GitHub account from March through June 2025. As a result of the breach, Salesloft has isolated the Drift infrastructure and taken the artificial intelligence (AI) chatbot application offline. The company also said it is in the process of implementing new multi-factor authentication processes and GitHub hardening measures.
India’s AI fraud landscape in 2025 is witnessing an unprecedented surge driven by voice cloning, deepfake scams, and large-scale social engineering, as highlighted by Jain Cyber Solutions’ latest infographics. This LinkedIn article explores key trends, financial impacts, and practical prevention tips, aiming to educate industry leaders and the public on the rapidly evolving threat environment.

Stark Rise of AI-Powered Frauds
AI-driven cybercrime is transforming how scams are perpetrated across India in 2025, with a 75% spike seen in voice cloning frauds targeting individuals and organizations alike. Sophisticated generative AI allows attackers to accurately mimic voices, creating fake distress calls that exploit emotional bonds and urgency, leading to significant financial losses. Simultaneously, deepfakes, realistic AI-generated videos and images, are facilitating new tactics for financial fraud, identity theft, and corporate impersonation. In particular, more than ₹500 crore has already been lost via deepfake scams on social media, and a projected 50% of financial fraud may soon be directly tied to AI technologies.

The Financial Toll Is Staggering
Cybercrime statistics shown in the Jain Cyber Solutions report align with industry findings indicating that India could lose as much as ₹70,000 crore to deepfake-driven fraud this year alone. The scale is amplified by the proliferation of digital payments, shifting fraud tactics from basic phishing to multi-layered, AI-augmented scams, affecting not just urban centers but tier 2/3 cities as well.

Prevention: A Collective Responsibility
As digital transformation accelerates, it is crucial for everyone, from enterprises to everyday citizens, to strengthen their cyber defenses. Jain Cyber Solutions recommends three practical strategies:
- Verify Callers: Make it routine to confirm identities via video or codified passwords before acting on urgent requests, especially involving financial transactions.
- Secure Data: Adopt strong, unique passwords and enable multi-factor authentication across personal and corporate accounts.
- Continuous Education: Stay informed about emerging AI threats, attend cybersecurity seminars, and follow credible sources such as Jain Cyber Solutions for updates.

Closing Reflection
AI technologies will continue to reshape the cybersecurity landscape, presenting both challenges and opportunities for defenders. Jain Cyber Solutions urges leaders and individuals alike to prioritize awareness, vigilance, and proactive controls. Together, a more secure digital future for India is possible. For further insights and customized solutions, connect with Jain Cyber Solutions and keep pace with the evolution of cyber threats.

Sources: Jain Cyber Solutions, National Cybercrime Bureau, Industry Threat Reports (2025)
#AIFraud #CybersecurityIndia #DeepfakeThreats #VoiceCloningScam #JainCyberSolutions
Overpass-the-Hash (aka Pass-the-Key) lets adversaries use a stolen NTLM hash to request Kerberos tickets (TGT/TGS), effectively converting a captured hash into Kerberos-based access and moving laterally without needing plaintext credentials.

Vulnerabilities & Misconfigurations
🔴 Compromised endpoints that allow LSASS/credential dumping (e.g., Mimikatz)
🔴 Excessive local or domain admin rights that enable hash access
🔴 NTLM allowed and accepted across domains or trusts
🔴 Weak segmentation between workstations, servers, and Domain Controllers
🔴 Lack of Kerberos hardening (RC4/legacy ciphers permitted)

➡️ Business Impact
Once attackers convert a hash into Kerberos tickets, they authenticate like legitimate users across services, rapidly expanding access and enabling persistence, data theft, or ransomware at scale.

➡️ Recent Incident Example
Advanced intrusions repeatedly leverage hash-to-ticket techniques to bypass controls and escalate from a single compromised host to domain-level access, prolonging dwell time and complicating incident response.

How to Detect It
☑️ Alert on unusual Kerberos requests originating from non-typical hosts or low-privilege accounts.
☑️ Monitor for authentication chains showing NTLM-derived tickets or anomalous AS-REQ/TGS patterns.
☑️ Flag processes and hosts performing credential dumping (LSASS access, suspicious Mimikatz indicators).
☑️ Correlate sudden service ticket requests with prior local admin activity or new tool execution.
☑️ Baseline normal Kerberos behaviour and alert on deviations in ticket lifetime, issuer, or source host.

How to Fix & Prevent
✅ Protect secrets: enable LSA protection, Credential Guard, and restrict access to LSASS memory.
✅ Reduce hash exposure: remove unnecessary local/domain admin rights and use JIT/JEA for admin tasks.
✅ Minimize NTLM usage: disable or restrict NTLM where possible and enforce Kerberos (AES) only.
✅ Harden Kerberos: disallow RC4/weak ciphers, enforce strong key policies, and protect KRBTGT credentials.
✅ Segment networks and protect Domain Controllers; limit systems that can request or use high-privilege tickets.
✅ Implement continuous identity telemetry and rapid remediation workflows to isolate compromised hosts immediately.

Overpass-the-Hash turns stolen hashes into full-blown identity abuse. If you’re not monitoring Kerberos anomalies and protecting LSASS access, you’re leaving attackers a low-effort path to domain compromise.

#OverpassTheHash #PassTheKey #Kerberos #IdentitySecurity #LateralMovement #ThreatDetection #ActiveDirectory #MITREATTACK #DelaSecurity
Learn more: www.delasecurity.com
Top August 2025 Cyber Attacks: Data Breaches, Ransomware Cause Global Losses

1. Bouygues Telecom Data Breach (France)
Attackers breached Bouygues Telecom via phishing, stealing data of 6.4 million customers, including IBANs and contact details. This risks financial fraud and identity theft. Disclosed August 6, 2025.

2. Google Salesforce Data Theft (United States/Global)
ShinyHunters used social engineering to steal 2.55 million business contact records from Google’s Salesforce CRM. A $2.3M ransom was demanded, risking downstream fraud. Disclosed August 8, 2025.

3. Dutch Clinical Diagnostics Laboratory Breach (Netherlands)
Attackers stole 485,000+ medical records from NMDL, leaking them on the dark web. Sensitive data like citizen service numbers enables identity theft. Disclosed August 6, 2025.

4. Connex Credit Union Data Breach (United States)
Intruders exfiltrated data of 172,000 members, including SSNs and debit card details, from Connex Credit Union. This poses severe financial fraud risks. Notifications began August 7, 2025.

5. Nevada State Offices Ransomware Attack (United States)
Ransomware hit Nevada state offices, stealing data and disrupting services. No personal data loss reported, but recovery is ongoing with CISA. Reported August 2025.

6. TAOTH Espionage Campaign (East Asia)
TAOTH targeted East Asian dissidents via hijacked Sogou Zhuyin updates, deploying malware for data theft. 49% of targets in Taiwan faced espionage risks. Reported August 2025.

7. Dire Wolf Ransomware on MGI Singapore PAC (Singapore)
Dire Wolf’s double-extortion ransomware stole 226 GB of auditing data, causing financial and reputational damage. The attack used RaaS tactics. Reported August 8, 2025.

8. Citrix NetScaler Zero-Day Exploitation (Global)
A zero-day flaw (CVE-2025-6543) in Citrix NetScaler was exploited, risking unauthorized access and data breaches. Urgent patching was advised globally. Reported August 2025.

9. Passwordstate Authentication Bypass Vulnerability (Global)
A critical Passwordstate flaw allowed authentication bypass via crafted URLs, risking credential theft. Click Studios patched it in Build 9972. Fixed August 28, 2025.

10. South Korea Ministry and Telecom Hacks (South Korea)
Large-scale attacks hit South Korean ministries and telecoms, with stolen credentials sold on the dark web. This risks national security and data leaks. Reported August 2025.

#Cybersecurity #CyberPaper #DataBreach #Ransomware #CyberAttacks #InformationSecurity #DataProtection #CyberThreats #TechNews #SecurityAwareness #TechSkillSchool
Fortinet Issues Alert: AI-Powered Scams on the Rise—Bolster Your Cybersecurity Today KUALA LUMPUR – Fortinet Malaysia’s country manager, Kevin Wong, alerts that Malaysia is witnessing a steep increase in AI-powered frauds endangering the cybersecurity of banks, government entities, SMEs and retailers. Wong highlights that financial bodies and public institutions, custodians of sensitive data, remain primary targets. At the same time, SMEs—often with lean IT teams—are at greater risk since they frequently depend on outdated antivirus tools and manual checks. “In many SMEs, one person manages both IT and security, making ongoing surveillance and swift incident handling difficult,” he said in an email exchange with Bernama. Cybercriminals are leveraging cutting-edge generative AI platforms like FraudGPT and ElevenLabs to design ultra-localised, persuasive scams. These technologies can replicate voices, emulate speech patterns and even create deepfake videos. In Malaysia’s multilingual environment, AI can generate content in Bahasa Malaysia, Mandarin and Tamil, complete with regional accents, colloquialisms and slang. “Familiarity makes these scams far more effective,” Wong added. Consumer-facing businesses and retailers are also experiencing a surge in AI-enhanced phishing, especially during festive periods when e-commerce peaks. Scammers can produce counterfeit delivery notifications, promotional messages or donation appeals customised for each recipient, making it tough to differentiate between genuine and fraudulent communications. Referencing a recent IDC survey, Wong noted that almost half of Malaysian organisations encountered AI-driven attacks over the past year, with many seeing incident counts triple. Looking forward, he warns that ransomware, supply-chain compromises and zero-day vulnerabilities will stay at the forefront. 
He also predicts a rise in hybrid crimes blending digital and physical components: “We’ll witness more attacks where AI-based social engineering paves the way for physical theft, extortion or even infrastructure sabotage.” Moreover, deepfake-enabled misinformation and identity fraud threaten public confidence and corporate reputation, according to Wong. “As these tools evolve, the instant creation of realistic voice or video content and fake personas will test organisations on every level.” To mitigate these dangers, he advises Malaysian firms to broaden their cybersecurity spending beyond anti-fraud defences. “Security for operational technology, 24/7 security operations centres and comprehensive cloud safeguards remain underfunded. Attackers will capitalise on any vulnerabilities exposed by rapid digital transformation,” Wong concluded. 📊 Market Context & Insight Note: This article was auto-fetched from trusted news sources. For educational purposes only. Please verify with official financial advisors or licensed institutions in Malaysia before making investment decisions. 💡 What This Means for Malaysia...
Fraud is evolving with #AI, deepfakes & synthetic IDs. The new rulebook: stop fraud at identity, not just transactions. Adaptive, risk-based security = less friction for customers, more pain for fraudsters. #cybersecurity #IAM #infosec
AI Isn’t Just Helping Cybercrime - It’s Running the Playbook

Anthropic’s latest Threat Intelligence Report is one of the most eye-opening security reads of the year, and it paints a very clear picture: AI is no longer just assisting cybercrime. It’s running the playbook. https://lnkd.in/gJV_Bb5Z

Here are a few takeaways:

1. AI-Driven Attacks Are No Longer Hypothetical
Anthropic documents how threat actors used agentic AI to run end-to-end ransomware operations:
- Scanning and exploiting vulnerabilities
- Harvesting credentials and moving laterally
- Exfiltrating sensitive data
- Crafting ransom demands and even visually alarming boot-level ransom notes
One campaign hit 17 organizations in a single month, across government, healthcare, and emergency services, with ransom demands topping $500,000. This is faster, more coordinated, and more scalable than human-only attacks.

2. Fraud Has Become Fully Automated
Fraudsters are now running AI-powered scam ecosystems:
- Profiling victims from stolen data logs
- Creating synthetic identities and deepfakes
- Writing emotionally convincing messages across multiple languages
- Automating engagement with thousands of potential victims simultaneously
This makes social engineering cheaper, faster, and nearly limitless in scale, and it’s directly targeting customers, not just organizations.

3. The Rise of “Ransomware-as-a-Service 2.0”
AI has lowered the bar dramatically: ransomware kits with advanced encryption, EDR bypasses, and polished UX are being sold on darknet markets for $400–$1,200. Now, anyone with intent, but no technical skill, can launch enterprise-grade attacks.

4. Nation-State Campaigns at Scale
The report ties AI use to nation-state campaigns, including Chinese APT operations targeting critical infrastructure, where AI was involved in 12 of 14 MITRE ATT&CK stages. That means reconnaissance, exploitation, privilege escalation, lateral movement, and exfiltration were all AI-assisted, running continuously for months.

What This Means for Security Leaders
We are not preparing for this future threat. We are living in it.
- Incident response playbooks must evolve: assume faster-moving attacks that blend human and machine decision-making.
- Fraud, cyber, and crime insurance need re-evaluation: many social engineering claims are still capped at low sub-limits that won’t cover the real loss.
- Strong human verification controls (dual authorization, call-backs, out-of-band confirmations) are more important than ever.
- Cross-industry intelligence sharing should become part of your strategy; collaboration is a defensive superpower.

The report is both sobering and motivating. As CISOs, CIOs, and risk leaders, we need to keep asking: Are our controls, training, and governance evolving as fast as the threat landscape? The adversaries have AI on their side. We must make sure we do too.
Veridas' identity verification platform, with AI-driven fraud prevention, is now available on AWS Marketplace for seamless, secure digital onboarding - https://lnkd.in/gi5daXzs “Live since 2017, our IDV platform already protects more than 300 clients in 25 countries against advanced fraud such as deepfakes and injection attacks, with 100% proprietary technology, global coverage, and international compliance,” said Eduardo Azanza, CEO of Veridas. #AWSMarketplace #DigitalTrust #Veridas #Cybersecurity
Even in the tranquil world of rooks and bishops, cybersecurity is king and the threat of compromise is always looming. Chess.com’s latest breach is a move straight out of the modern digital playbook: not a head-on assault on their fortress, but a clever infiltration via a third-party file transfer app. For two weeks in June 2025, an attacker roamed the board, siphoning personal data from over 4,500 Chess.com users, thankfully, a tiny fraction of their 100 million members, but significant enough to warrant global attention. It’s a reminder that, as enterprises expand, their security perimeter stretches far beyond their own immediate IT assets. As supply chain and third-party integrations multiply, so do the hidden risks. The attack left core Chess.com infrastructure untouched, but underscores that your organization is only as strong as its least-defended partner. The breached data, while reportedly not financial, included names and PII, fodder for identity fraud or phishing campaigns. Chess.com moved quickly: law enforcement notified, forensics engaged, credit monitoring and identity theft protection offered to those affected. That’s industry best practice, but the chess clock doesn’t reset, especially when user trust is the ultimate prize. And with a recent history (2023) of API scraping exposing 800,000 more users, the message is clear: continuous vigilance, not just incident response, is essential. What stands out for leaders and tech practitioners alike is the cascading effect of “minor” vendor breaches, how an obscure weakness in a third-party tool can ripple through an entire ecosystem. This is no longer a hypothetical risk. From SaaS behemoths to niche platforms, supply chain security is the new endgame. Recommendations? Vet vendors with the same rigor you apply internally. Demand transparency about their security measures, audit their incident history, and restrict third-party access to only what’s absolutely necessary. 
Enforce token expiration and multi-factor authentication. Map out every integration, no matter how seemingly trivial, because each one is a potential breach path. Chess.com’s swift action and member transparency are noteworthy, but the broader lesson resonates across all sectors: in cyberspace, every pawn matters, and every overlooked integration may become a checkmate. Original coverage here: https://lnkd.in/eYDQhNQ4 (chess.com discloses recent data breach via file transfer app) Don't just take our word for it, read the full story here: https://lnkd.in/eYDQhNQ4 #SECURITYOPERATIONS #BLUETEAM #CYBERSECURITY #SOC #DIRECTOROFAI