In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens.

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

Special guests:

MacKenzie Brown, VP of APG at Blackpoint

Charles Buck, Founder and CTO of SaaS Alerts

Chris Loehr, DFIR Exerpt

Phyllis Lee, VP of Content at CIS

Last week, we dug into the surge of SonicWall VPN compromises. At first, there was speculation about a possible new zero day — but as the dust settled, we learned it was far more familiar: unpatched systems, misconfigurations, stale service accounts.

One of the biggest takeaways came from breach attorney Spencer Pollack, who cautioned MSPs: don’t speculate. When cyber hits the fan, the truth comes out in the contracts.

That’s exactly where we’re going in today's session. We’re joined by two legal experts — Eric Tilds, MSP business attorney, and Spencer Pollock, breach attorney — to break down how your MSAs and SOWs can either protect you or expose you during a cyber incident.

If you’ve ever wondered whether the language in your agreements will hold up when your client is breached, this is the conversation you don’t want to miss.

In this session of The CyberCall, we’re cutting straight into one of the most relentless threats MSPs and their clients are facing right now—targeted ransomware attacks exploiting SonicWall SSLVPNs, with signs the attackers are already shifting to Fortinet VPNs.

This isn’t theory. It’s happening in the wild, and the fallout is real. Huntress has been on the frontlines analyzing the tactics, SonicWall’s SOC is in the middle of the response, and breach attorneys are already managing a wave of legal cases tied to these compromises.

We’re joined by three experts who see this crisis from every angle: Jamie Levy, Director of Adversary Tactics at Huntress, Cory Clark, VP of Threat Operations at SonicWall, and Spencer Pollack, Breach Attorney at McDonald Hopkins, currently handling 20+ of these cases.

Special Co-host: Chris Loehr, EVP of Solis.