Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth grants behind them often reach into business systems beyond the listed function. An audit…
Tag: party
AI, Global Security News
Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana has disclosed that an “unauthorized party” obtained a token that granted them the ability to access the company’s GitHub environment and download its codebase. “Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations,” Grafana…
AI, Global Security News, Risk Management
The questionnaire-based TPRM model is broken, and TrustCloud has a fix
TrustCloud announced a new version of TrustLens, its third party risk management (TPRM) solution. The new TrustLens agentic AI capabilities focus on delivering four requirements every CISO wants in their TPRM program: speed, accuracy, coverage, and proactive risk mitigation. In the latest TrustLens deployments, a Global 2000 life sciences customer leveraged the TPRM AI agent…
AI, Data Breaches, Global Security News
900,000 contact records exposed in Aura data breach
Aura, the online safety service, confirmed that an unauthorized party accessed about 900,000 records, mostly names and email addresses from a marketing tool linked to a company it acquired in 2021. The incident occurred as a result of a targeted phone phishing attack that tricked one of the employees. Aura believes that contact information related…
AI, Global Security News
Aura confirms data breach exposing 900,000 marketing contacts
Identity protection company Aura has confirmed that an unauthorized party gained access to nearly 900,000 customer records containing names and email addresses. […]
AI, Apps, Data Breaches, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
ShinyHunters Claims Wynn Resorts Data Theft
Wynn Resorts has confirmed that employee data was accessed by an unauthorized third party after the company appeared on the ShinyHunters extortion group’s leak site. The casino and hospitality giant said it activated its incident response plan immediately upon discovering the intrusion. “We have learned that an unauthorized third party acquired certain employee data,” Wynn…
