About this episode
Three Buddy Problem - Episode 61: We cover a pair of software supply chain breaches (Salesforce Salesloft Drift and NPM/GitHub) that raises big questions about SaaS integrations and the ripple effects across major security vendors.
Plus, Apple’s new Memory Integrity Enforcement in iPhone 17 and discussion on commercial spyware infections and the value of Apple notifications; concerns around Chinese hardware and surveillance equipment in US infrastructure; Silicon Valley profiting from China’s surveillance ecosystem; and controversy around a Huntress disclosure of an attacker’s operations after an EDR agent was mistakenly installed.
Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.Links:Transcript (unedited, AI-generated)Salesforce advisory on Salesloft Drift hackSalesloft Drift Breach TrackerMandiant Drift and Salesloft Application InvestigationsWidespread Data Theft Targets Salesforce Instances via Salesloft DriftLarge-Scale NPM AttackNPM attack failed, with almost no victimsChinese Hackers Pretended to Be a Top U.S. LawmakerCzech cyber agency warns against using services and products that send data to China