The Biden administration has classified spyware utilized for hacking phones as controversial enough to enforce stringent limitations on its usage by the US government via an executive order enacted in March 2024. However, the Trump administration is poised to change this in its vigorous pursuit to enhance its deportation force, the most financially supported law enforcement body in the US, potentially marking the beginning of a new period of domestic surveillance.
Numerous technology and security companies, including Cloudflare, Palo Alto Networks, Spycloud, and Zscaler, have confirmed that client data was compromised in a hack that initially targeted a chatbot system from Salesloft, a sales and revenue generation firm. The significant data breach commenced in August, with more corporations recently revealing the theft of customer data.
In late August, Salesloft recognized a “security issue” in its Drift application, an AI chatbot system designed for monitoring potential customer interactions. The security flaw was associated with Drift’s connection to Salesforce. Between August 8 and August 18, cybercriminals exploited compromised OAuth tokens related to Drift to gain access to account information.
Google security researchers unveiled the breach at the close of August, mentioning that the attackers downloaded vast amounts of data from multiple corporate Salesforce instances, targeting passwords and other credentials. Over 700 businesses could have been impacted, with Google subsequently reporting the exploitation of Drift’s email integration.
On August 28, Salesloft halted its Salesforce-Salesloft integration to probe the security issues and announced on September 2 that Drift would be temporarily deactivated to bolster system resilience and security. More companies affected by the breach are anticipated to alert their customers shortly.
US intelligence agencies have historically struggled to gather intelligence on North Korea’s governing regime. This week, The New York Times revealed a highly classified incident exposing an intense US military endeavor to surveil the regime. In 2019, SEAL Team 6 attempted an amphibious operation to deploy an electronic surveillance device on North Korean territory, which failed and led to the deaths of several North Koreans. The mission was called off after the SEALs mistakenly shot civilians they encountered while swimming ashore. The Trump administration reportedly did not inform congressional committee leaders overseeing military and intelligence operations.
Phishing remains a widespread and effective tactic for hackers to obtain initial network access. A study indicates that training employees to identify and resist phishing attempts is difficult. At UC San Diego Health, simulated phishing attempts revealed merely a 1.7% reduction in failure rates among trained personnel compared to untrained personnel, likely due to the training being overlooked or not recognized. Conversely, staff who completed a training Q&A were 19% less likely to fail subsequent phishing tests, although this still provides limited defense. The takeaway is to discover methods to identify phishing that do not depend on individuals spotting the deceit, as humans are often the weakest link in security.
Online piracy continues to flourish, with over 216 billion visits to piracy sites in the previous year for streaming films, television, and sports. However, the largest illegal sports streaming site, Streameast, was dismantled following an investigation by the Alliance for Creativity and Entertainment and Egyptian authorities. Streameast managed 80 domains with over 1.6 billion yearly visits, streaming soccer matches and other sports. According to The Athletic, two individuals in Egypt were reportedly arrested for copyright infringement, with authorities uncovering connections to a shell company used to launder around $6.2 million in advertising revenue over 15 years.
