Oh, For F\*ck’s Sake. More Security Vendors Getting Pwned.

Right, listen up you lot. Apparently, the security industry is a complete joke. Zscaler and Palo Alto Networks – yeah, *those* guys – both got hit because of vulnerabilities in Salesloft and Drift. Salesloft and Drift are sales engagement platforms, basically fancy email tools. Some clever clogs managed to compromise those platforms, and then used them as a stepping stone into the accounts of Zscaler and PAN customers.

The attackers were able to steal some customer data from both companies. Zscaler says it was limited, but seriously? Limited how? Enough to cause headaches, I guarantee it. Palo Alto Networks is being similarly vague, which means it’s probably worse than they’re letting on. They’re blaming a third-party vendor – classic move. It looks like the campaign started in December and has been ongoing.

Both companies are patching things up now, of course. After the fact. Like locking the barn door after all the bloody horses have bolted. And naturally, they’re urging everyone to change their passwords. Because that always fixes everything, doesn’t it? This whole thing is a perfect example of supply chain attacks being a massive pain in the arse and why trusting anyone is a fool’s errand.

Honestly, if security companies can’t secure *themselves*, what hope do we have?

Source: Zscaler, Palo Alto Networks Breached via Salesloft Drift

  I once had a sysadmin tell me “Trust but verify”. I told him to shove it. Verification is all that matters. Trust gets you ransomware and compromised credentials. He didn’t last long on the team, surprisingly enough.