
Workiva Confirms Data Breach in Wake of Salesforce Security Incident


 

A recent wave of cyberattacks on Salesforce customers has prompted Workiva to disclose a linked breach, serving as a reminder of the increasing cybersecurity risks faced by global organisations. Workiva provides cloud-based financial reporting, compliance, and audit software.

As the company confirmed, attackers accessed a third-party customer relationship management (CRM) system, exposing limited business contact details, including names, email addresses, phone numbers, and support ticket information. Workiva stressed that its own platform and customer data remain safe and secure.

According to the ShinyHunters extortion group, the breach is part of a broader campaign in which the threat actors gain unauthorized access to sensitive business information through methods including exploiting OAuth tokens and conducting voice phishing. As a result of these attacks, Workiva has warned customers that spear-phishing attempts should not be ignored and emphasized that all official communications will continue to come from its verified support channels only.

According to Workiva, whose cloud-based platform is widely used for financial reporting, compliance and audit processes, the breach could be traced back to unauthorized access to the customer relationship management system of a third party. There has been a breach of security at Adobe. 

In notifications sent to clients who may be affected, the company disclosed that attackers were able to access a limited set of business contact details, such as names, email addresses, phone numbers, and support ticket data. As Workiva clarified, its core platform and any customer data stored inside it have not been compromised; rather, the intrusion originated via a connected third-party application that was managed by the vendor responsible for Workiva's customer relationship management system.

The company has over 6,300 customers, including 85 percent of Fortune 500 companies and prominent names like Google, T-Mobile, Delta Air Lines, Wayfair, Hershey, and Mercedes-Benz, so it stressed the importance of staying vigilant and warned that the stolen data could be used to conduct spear-phishing scams.

To reassure customers, Workiva reiterated that it would never solicit sensitive information by text or phone, and that it communicates with customers only through its trusted support channels. Because even the most prominent security vendors were not spared from the wave of intrusions, the cybersecurity community has been on alert.

Cloudflare, for example, reported that instead of relying on traditional social engineering techniques, attackers exploited credential compromises linked to Salesloft Drift, one of the third-party applications integrated with Salesforce.

Using this access, threat actors were able to infiltrate Cloudflare's Salesforce environment on August 12 and spend two days mapping the system before conducting a rapid exfiltration operation that, within minutes, siphoned off sensitive data, deleted log files and attempted to erase digital traces.

Earlier, Palo Alto Networks confirmed that a similar breach had occurred between August 8 and 18, with attackers leveraging stolen OAuth tokens to gain access to the Salesforce system that the integration was connected to. In this period, adversaries were able to extract customer contact information, sales records, and case data.

After obtaining these items, the adversaries scanned the stolen data for passwords and cloud service credentials, which were used to facilitate secondary attacks targeting AWS and Snowflake platforms. Analysts point out that these incidents do not imply that core defences have collapsed, but rather that trust dependencies within digital ecosystems are fragile.

By exploiting weak access controls and third-party connections, groups like Scattered Spider, Lapsus$, and ShinyHunters have profited from stolen data and ransoms on underground channels, raising the concern that the scope of exposure may be much bigger than has been revealed.

Workday, one of the world's largest HR software providers, has confirmed that it also became a victim of a cyberattack campaign utilizing Salesforce's customer relationship management platform. There is a possibility that the incident, which was first reported on August 6, could have impacted the personal information of up to 70 million individuals as well as 11,000 corporate clients' business information.

Although Workday stresses that its core HR systems, known as customer tenants, remain unaffected by this attack, it admits that attackers were able to access business contact details in its Salesforce integration, including names, email addresses, phone numbers, and facsimiles. A growing list of victims includes Google, Cisco, Qantas, and Pandora as well as other large companies.

The breach underscores how adversaries are increasingly targeting third-party service providers that act as gateways to vast amounts of personal data. As roughly 60% of Fortune 500 companies use Workday's platform, the incident emphasizes the risks of an interconnected digital supply chain.

A number of security experts have warned that these SaaS and CRM systems, which were once treated as routine business tools, have now become very valuable attack surfaces for cyber criminals. With analysts pointing to ShinyHunters as the likely culprit, attention has now turned to the group's tactics, namely phishing campaigns designed to trick employees into handing over their credentials by impersonating HR and IT staff.

The breach has reignited debate among cybersecurity professionals over whether these incidents indicate the development of sophisticated social engineering techniques, or whether they reveal persistent shortcomings in organizational awareness and training. In light of the string of breaches tied to Salesforce integrations, enterprises are now reassessing, monitoring, and securing the third-party platforms that are woven into their daily operations.

The incidents were unprecedented in their scope and severity, and although some companies haven't been able to contain the fallout as quickly as others have, the incidents illustrate that even some of the most trusted vendors are not invulnerable. The majority of cybersecurity specialists believe that organizations need to build a wider security posture beyond perimeter defense, including vendor risk management and zero-trust frameworks, as well as tighter controls on identity and access.

Auditing integrations on a regular basis, minimizing permissions granted through OAuth, and monitoring API usage are no longer optional safeguards, but strategic imperatives in an environment where many attackers thrive on exploiting overlooked trust relationships.

Additionally, a greater focus on employee awareness of spear-phishing and impersonation schemes can be a critical component in reducing the chances of credential theft, an entry point that appears to be becoming more prevalent each year. For organizations reliant on SaaS ecosystems, the lesson is clear: securing extended supply chains is as important to business resilience as protecting internal infrastructure, and those who adapt will be the ones best positioned to withstand the next wave of attacks.

Hackers Exploit Drift AI Integration to Steal Salesforce Data in Major Campaign

 



Hackers have launched a widespread attack campaign stealing sensitive data from Salesforce instances by exploiting a third-party integration, according to Google’s Threat Intelligence Group.

The group of attackers, tracked by Google as UNC6395, abused compromised OAuth tokens linked to Salesloft’s Drift AI chat agent to infiltrate Salesforce environments. Their main objective was credential theft, enabling large-scale exfiltration of customer data.

“Google Threat Intelligence is aware of over 700 potentially impacted organizations,” said Austin Larsen, principal threat analyst at Google. He confirmed that the hackers automated the campaign using a Python-based tool to rapidly harvest information.

Researchers clarified that Salesforce itself was not compromised. Instead, attackers targeted authentication tokens, later searching for AWS access keys, passwords, and Snowflake platform tokens.

The incidents occurred primarily between August 8 and August 18, with Salesloft working alongside Salesforce to revoke compromised Drift tokens by August 20. Salesloft also issued a security alert instructing administrators to reauthenticate Salesforce connections.

Salesforce acknowledged detecting “unusual activity” tied to a small number of customer accounts. As a precaution, the company has temporarily removed Drift from its AppExchange marketplace and is cooperating with Salesloft to support affected customers.

Google researchers noted that attackers attempted to cover their tracks by deleting query jobs but confirmed that event logs remain intact, urging security teams to audit logs for signs of exposure.

Charles Carmakal, CTO of Mandiant Consulting, advised impacted organizations to follow remediation guidance, including revoking API keys, rotating credentials, and hardening access controls.

The latest Google update warns the compromise extends beyond Salesforce integrations, as OAuth tokens linked to “Drift Email” were also targeted. A limited number of Google Workspace accounts were breached on August 9, though Google confirmed there was no compromise of Workspace or Alphabet systems overall.

Experts emphasize that any organization using Salesloft Drift should assume their authentication tokens may have been exposed and act immediately to secure accounts.

Workday Suffers Data Breach in Broader Salesforce Campaign

 

Workday, a major player in the human resources sector, has disclosed a recent data breach caused by a social engineering attack targeting a third-party customer relationship management (CRM) system—specifically, a Salesforce instance.

Although Workday, headquartered in Pleasanton, California, provides services to over 11,000 organizations worldwide (including over 60% of the Fortune 500), the company reports that its main customer data environments known as "customer tenants" were not accessed or impacted by the breach. 

The breach, uncovered nearly two weeks before disclosure, exposed business contact information such as names, emails, and phone numbers contained in the compromised CRM. 

Workday clarified that the compromised data was mostly publicly available information frequently used for business contact purposes, but acknowledged that this exposure could still facilitate further social engineering or phishing attempts by malicious parties. Employees were alerted that attackers may attempt to contact them, impersonating HR or IT staff, to extract sensitive details or credentials. 

This incident is part of a larger ongoing campaign allegedly orchestrated by the ShinyHunters extortion group. BleepingComputer reports that this group specializes in targeting Salesforce CRM instances at major firms through tactics like voice phishing and social engineering. 

Their modus operandi often involves convincing employees to link a fraudulent OAuth application to the company's Salesforce environment, granting attackers access to download vital company databases. Subsequently, stolen data is used for extortion, and the attack group’s ransom notes have consistently identified themselves as ShinyHunters. 

Several other global corporations—including Adidas, Qantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, and Google—have fallen victim to similar attacks over the past few months, with activity believed to have started at the beginning of the year. 

Although Workday didn't confirm direct involvement with Salesforce in their public statement, a company spokesperson indicated the breach was associated with business contact data in the Salesforce platform. The attackers primarily leveraged social engineering, not technical vulnerabilities, to obtain unauthorized access. This breach highlights the increasing effectiveness of well-crafted social engineering attacks targeting SaaS platforms and the persistent threat posed by organized groups such as ShinyHunters. While the compromise did not reach more sensitive internal systems, Workday and similar organizations face ongoing risks of secondary attacks fueled by the exposed contact data.

Google Confirms Data Breach in Salesforce System Linked to Known Hacking Group

 



Google has admitted that some of its customer data was stolen after hackers managed to break into one of its Salesforce databases.

The company revealed the incident in a blog post on Tuesday, explaining that the affected database stored contact details and notes about small and medium-sized business clients. The hackers, a group known online as ShinyHunters and officially tracked as UNC6040, were able to access the system briefly before Google’s security team shut them out.

Google stressed that the stolen information was limited to “basic and mostly public” details, such as business names, phone numbers, and email addresses. It did not share how many customers were affected, and a company spokesperson declined to answer further questions, including whether any ransom demand had been made.

ShinyHunters is notorious for breaking into large organizations’ cloud systems. In this case, Google says the group used voice phishing, calling employees and tricking them into granting system access, to target its Salesforce environment. Similar breaches have recently hit other companies using Salesforce, including Cisco, Qantas, and Pandora.

While Google believes the breach’s immediate impact will be minimal, cybersecurity experts warn there may be longer-term risks. Ben McCarthy, a lead security engineer at Immersive, pointed out that even simple personal details, once in criminal hands, can be exploited for scams and phishing attacks. Unlike passwords, names, dates of birth, and email addresses cannot be changed.

Google says it detected and stopped the intrusion before all data could be removed. In fact, the hackers only managed to take a small portion of the targeted database. Earlier this year, without naming itself as the victim, Google had warned of a similar case where a threat actor retrieved only about 10% of data before being cut off.

Reports suggest the attackers may now be preparing to publish the stolen information on a data leak site, a tactic often used to pressure companies into paying ransoms. ShinyHunters has been linked to other criminal networks, including The Com, a group known for hacking, extortion, and sometimes even violent threats.

Adding to the uncertainty, the hackers themselves have hinted they might leak the data outright instead of trying to negotiate with Google. If that happens, affected business contacts could face targeted phishing campaigns or other cyber threats.

For now, Google maintains that its investigation is ongoing and says it is working to ensure no further data is at risk. Customers are advised to stay alert for suspicious calls, emails, or messages claiming to be from Google or related business partners.

Cybercriminals Exploit Fake Salesforce Tool to Steal Company Data and Demand Payments

 



A group of hackers has been carrying out attacks against businesses by misusing a tool that looks like it belongs to Salesforce, according to information shared by Google’s threat researchers. These attacks have been going on for several months and have mainly focused on stealing private company information and later pressuring the victims for money.


How the Attack Happens

The hackers have been contacting employees by phone while pretending to work for their company’s technical support team. Through these phone calls, the attackers convince employees to share important login details.

After collecting this information, the hackers guide the employees to a specific page used to set up apps connected to Salesforce. Once there, the attackers use an illegal, altered version of a Salesforce data tool to quietly break into the company’s system and take sensitive data.

In many situations, the hackers don’t just stop at Salesforce. They continue to explore other parts of the company’s cloud accounts and sometimes reach deeper into the company’s private networks.


Salesforce’s Advice to Users

Earlier this year, Salesforce warned people about these kinds of scams. The company has made it clear that there is no known fault or security hole in the Salesforce platform itself. The problem is that the attackers are successfully tricking people by pretending to be trusted contacts.

Salesforce has recommended that users improve their account protection by turning on extra security steps like multi-factor authentication, carefully controlling who has permission to access sensitive areas, and limiting which locations can log into the system.


Unclear Why Salesforce is the Target

It is still unknown why the attackers are focusing on Salesforce tools or how they became skilled in using them. Google’s research team has not seen other hacker groups using this specific method so far.

Interestingly, the attackers do not all seem to have the same level of experience. Some are very skilled at using the fake Salesforce tool, while others seem less prepared. Experts believe that these skills likely come from past activities or learning from earlier attacks.


Hackers Delay Their Demands

In many cases, the hackers wait for several months after breaking into a company before asking for money. Some attackers claim they are working with outside groups, but researchers are still studying these possible connections.


A Rising Social Engineering Threat

This type of phone-based trick is becoming more common as hackers rely on social engineering — which means they focus on manipulating people rather than directly breaking into systems. Google’s researchers noted that while there are some similarities between these hackers and known criminal groups, this particular group appears to be separate.

Microsoft and Salesforce Clash Over AI Autonomy as Competition Intensifies

 

The generative AI landscape is witnessing fierce competition, with tech giants Microsoft and Salesforce clashing over the best approach to AI-powered business tools. Microsoft, a significant player in AI due to its collaboration with OpenAI, recently unveiled “Copilot Studio” to create autonomous AI agents capable of automating tasks in IT, sales, marketing, and finance. These agents are meant to streamline business processes by performing routine operations and supporting decision-making. 

However, Salesforce CEO Marc Benioff has openly criticized Microsoft’s approach, likening Copilot to “Clippy 2.0,” referencing Microsoft’s old office assistant software that was often ridiculed for being intrusive. Benioff claims Microsoft lacks the data quality, enterprise security, and integration Salesforce offers. He highlighted Salesforce’s Agentforce, a tool designed to help enterprises build customized AI-driven agents within Salesforce’s Customer 360 platform. According to Benioff, Agentforce handles tasks autonomously across sales, service, marketing, and analytics, integrating large language models (LLMs) and secure workflows within one system. 

Benioff asserts that Salesforce’s infrastructure is uniquely positioned to manage AI securely, unlike Copilot, which he claims may leak sensitive corporate data. Microsoft, on the other hand, counters that Copilot Studio empowers users by allowing them to build custom agents that enhance productivity. The company argues that it meets corporate standards and prioritizes data protection. The stakes are high, as autonomous agents are projected to become essential for managing data, automating operations, and supporting decision-making in large-scale enterprises. 

As AI tools grow more sophisticated, both companies are vying to dominate the market, setting standards for security, efficiency, and integration. Microsoft’s focus on empowering users with flexible AI tools contrasts with Salesforce’s integrated approach, which centers on delivering a unified platform for AI-driven automation. Ultimately, this rivalry is more than just product competition; it reflects two different visions for how AI can transform business. While Salesforce focuses on integrated security and seamless data flows, Microsoft is emphasizing adaptability and user-driven AI customization. 

As companies assess the pros and cons of each approach, both platforms are poised to play a pivotal role in shaping AI’s impact on business. With enterprises demanding robust, secure AI solutions, the outcomes of this competition could influence AI’s role in business for years to come. As these AI leaders continue to innovate, their differing strategies may pave the way for advancements that redefine workplace automation and decision-making across the industry.

The Use of AI by Sales Teams is Booming

 

According to Salesforce's 2024 State of Sales report, sales teams are combining tools and strengthening data security to reap the benefits of AI. Following a global survey of 5,500 sales professionals, the report's four main findings are as follows: 

Mounting pressure: Sellers are struggling due to marketplace demands and not enough production. However, sales teams continue to overcome challenges in order to expand. Over the last year, 79% of sales teams increased their revenue. In addition, 82% of salespeople are confident in their company's 12-month growth strategy. 

Partner selling is helping to drive growth; 84% of sales professionals believe it has a greater influence on revenue than a year ago. According to the global survey responses, 89% of sales teams are presently using partner sales. Recurring revenues (42% of revenue source) are increasing, with more than 90% of sales teams using multiple revenue sources.

Sellers face changing consumer expectations, which leads to challenging sales motions; 67% of sales professionals do not plan to fulfil their quota this year, and 84% missed it last year. According to the survey, marketplace competition is also becoming a headache. 57% believe it has been more difficult since last year, while only 13% feel it has become easier. The most apparent disclosure, in my opinion, is the non-selling duties that take up the majority of a seller's time. Sales representatives devote 70% of their time to non-selling tasks. 

Surge in AI adoption: Sales teams are using AI to increase efficiency and personalisation, but many are concerned about funding, training, and data gaps. 81% of sales teams claim to use AI currently. According to the survey, four out of five sales teams are either experimenting with AI or have fully incorporated it. The most significant advantages of AI are improved sales data quality and accuracy. The other significant advantage of AI is that 83% of sales teams with AI experienced revenue increase in the previous year, compared to 66% of teams without AI.

Using enablement tactics: Sales teams are enhancing training programs for both direct sellers and partners, as a critical tactic for providing additional value to consumers. Improving sales enablement is the most effective growth strategy. AI can aid with sales enablement. As per the survey, the most preferred technique for sales teams to use AI for enablement is to provide real-time selling advice, which involves AI technologies giving reps personalised advice while they are working.

Slack Faces Backlash Over AI Data Policy: Users Demand Clearer Privacy Practices

 

In February, Slack introduced its AI capabilities, positioning itself as a leader in the integration of artificial intelligence within workplace communication. However, recent developments have sparked significant controversy. Slack's current policy, which collects customer data by default for training AI models, has drawn widespread criticism and calls for greater transparency and clarity. 

The issue gained attention when Gergely Orosz, an engineer and writer, pointed out that Slack's terms of service allow the use of customer data for training AI models, despite reassurances from Slack engineers that this is not the case. Aaron Maurer, a Slack engineer, acknowledged the need for updated policies that explicitly detail how Slack AI interacts with customer data. This discrepancy between policy language and practical application has left many users uneasy. 

Slack's privacy principles state that customer data, including messages and files, may be used to develop AI and machine learning models. In contrast, the Slack AI page asserts that customer data is not used to train Slack AI models. This inconsistency has led users to demand that Slack update its privacy policies to reflect the actual use of data. The controversy intensified as users on platforms like Hacker News and Threads voiced their concerns. Many felt that Slack had not adequately notified users about the default opt-in for data sharing. 

The backlash prompted some users to opt out of data sharing, a process that requires contacting Slack directly with a specific request. Critics argue that this process is cumbersome and lacks transparency. Salesforce, Slack's parent company, has acknowledged the need for policy updates. A Salesforce spokesperson stated that Slack would clarify its policies to ensure users understand that customer data is not used to train generative AI models and that such data never leaves Slack's trust boundary. 

However, these changes have yet to address the broader issue of explicit user consent. Questions about Slack's compliance with the General Data Protection Regulation (GDPR) have also arisen. GDPR requires explicit, informed consent for data collection, which must be obtained through opt-in mechanisms rather than default opt-ins. Despite Slack's commitment to GDPR compliance, the current controversy suggests that its practices may not align fully with these regulations. 

As more users opt out of data sharing and call for alternative chat services, Slack faces mounting pressure to revise its data policies comprehensively. This situation underscores the importance of transparency and user consent in data practices, particularly as AI continues to evolve and integrate into everyday tools. 

The recent backlash against Slack's AI data policy highlights a crucial issue in the digital age: the need for clear, transparent data practices that respect user consent. As Slack works to update its policies, the company must prioritize user trust and regulatory compliance to maintain its position as a trusted communication platform. This episode serves as a reminder for all companies leveraging AI to ensure their data practices are transparent and user-centric.

ServiceNow Data Exposure Flaw Raises Concerns

ServiceNow, a popular enterprise cloud platform, was found to have a serious data exposure vulnerability. The incident, which has shocked the cybersecurity community, has highlighted concerns about the security of sensitive data in cloud-based systems.

According to reports from cybersecurity experts and firms, the vulnerability in ServiceNow's infrastructure could potentially lead to unauthorized access to sensitive data. The flaw, if exploited, could allow malicious actors to gain access to confidential information stored within the platform, posing a significant risk to organizations relying on ServiceNow for their day-to-day operations.

Enumerated, a cybersecurity firm, was among the first to identify and report the flaw. They disclosed that the issue stemmed from a misconfiguration in ServiceNow's security settings, leaving a gap that could be exploited by cybercriminals. This revelation has prompted immediate action from ServiceNow, as they work tirelessly to rectify the situation and implement robust security measures.

Salesforce, a leading cloud-based customer relationship management platform, was also mentioned in connection with the data exposure issue. While the exact nature of the link between Salesforce and ServiceNow remains unclear, experts speculate that this incident might highlight a broader concern regarding the security of cloud-based platforms and the need for enhanced vigilance in safeguarding sensitive data.

The cybersecurity community, along with industry experts, has been vocal about the importance of regular security audits and assessments for cloud-based platforms. This incident serves as a stark reminder of the potential risks associated with relying on third-party providers for critical business functions.

As the investigation into this data exposure flaw continues, organizations using ServiceNow are advised to review their security protocols and take immediate steps to mitigate potential risks. This includes ensuring that access controls and permissions are configured correctly and conducting thorough vulnerability assessments to identify and address any potential security gaps.

The ServiceNow data exposure vulnerability highlights how important it is for cloud-based platforms to have strong cybersecurity safeguards. It acts as a wake-up call for businesses, encouraging them to give security first priority and take preventative measures to protect sensitive data in an increasingly linked digital world.

Salesforce Unveils AI Cloud, Empowering Enterprises with Reliable Generative AI Capabilities

Today, Salesforce unveiled AI Cloud, an enterprise AI solution designed to enhance productivity throughout its suite of applications. This innovative platform integrates multiple Salesforce technologies, including Einstein, Data Cloud, Tableau, Flow, and MuleSoft, to deliver real-time generative AI capabilities that seamlessly integrate with business operations. 

With this open platform, businesses can easily incorporate AI into their workflows and drive greater efficiency across Salesforce applications. The foundational element of AI Cloud is the innovative Einstein Trust Layer, which Salesforce considers to be a groundbreaking enterprise AI architecture. 

This layer not only harnesses the benefits of generative AI but also prioritizes data privacy and security, aiming to establish a new industry standard. Salesforce ensures that the utmost measures are in place to safeguard sensitive information. With the Einstein Trust Layer, Salesforce strives to instill trust in enterprise-generative AI by safeguarding sensitive data in AI applications and workflows. 

This layer ensures that proprietary data remains separate from public models, addressing crucial aspects of data privacy, security, residency, and compliance specific to generative AI. Salesforce aims to establish a solid foundation of trust by prioritizing the protection of valuable data assets. 

What is generative artificial intelligence (AI)? 

Generative AIs play crucial roles in content creation across different industries. Movie makers utilize them to fill narrative gaps or even drive the storyline. News organizations employ generative AIs to generate short snippets or entire stories, particularly for structured reports like sports or financial updates. 

AI algorithms serve various purposes such as data classification, organization, and reasoning. Among them, generative algorithms stand out by creating data through a realistic synthesis of images, sounds, and videos. These algorithms utilize models of the world to generate simulated environments that align with the predefined model. Essentially, they start with a vision of what the world should be and bring it to life through simulated representations. 

Challenges of generative artificial intelligence (AI)

Certain advanced generative AI algorithms possess the ability to deceive, leading to the creation of what is commonly known as "deep fakes." These fabricated outputs can be misused for fraudulent activities, such as impersonating individuals to carry out various forms of fraud. 

For instance, malicious actors may attempt to mimic someone's identity to illicitly withdraw funds from a bank account or obtain other sensitive information. Additionally, deep fakes can be used to manipulate and falsely attribute statements to individuals, potentially leading to serious consequences like defamation or slander. 

What does the future look like? 

According to recent research by Salesforce, global economic growth is anticipated to receive a significant boost of over $15 trillion by 2030 due to the influence of AI. This growth is projected to lead to a substantial 26% increase in GDP. 

However, the widespread adoption of AI hinges on the crucial factors of building trust and ensuring robust data privacy measures. To fully leverage the potential of AI, it is imperative to establish a foundation of trust and safeguard the privacy of data.

Ghost Sites: Attackers are now Exposing Data From Deactivated Salesforce Sites


Varonis Threat Labs researchers recently discovered that Salesforce 'ghost sites', sites that are no longer in use but were improperly deactivated and left unmaintained, may remain accessible and vulnerable to illicit use by threat actors. They noted that by manipulating the host header, an attacker may gain access to sensitive PII and business data.

With the help of Salesforce Sites, businesses can build specialized communities where partners and clients can work collaboratively.

But when these communities are no longer required, they are frequently preserved rather than shut down. These sites aren't examined for vulnerabilities since they aren't maintained, and the administrators don't update the security measures in accordance with contemporary guidelines.

In its recent findings, Varonis Threat Labs reported that because these ghost sites were not properly deactivated, they remained easily accessible to attackers, who were exploiting the sites to access data illicitly.

They added that the exposed data consisted not only of the sites' old data, but also of fresh records that were shared with the guest user because of the sharing configuration in the Salesforce environment.

Salesforce Ghost Sites

According to Varonis Threat Labs, Salesforce ghost sites come about when a company uses a custom domain name instead of unappealing internet URLs, so that the organization's partners can browse the site. "This is accomplished by configuring the DNS record so that 'partners.acme.org' [for example] points to the lovely, curated Salesforce Community Site at 'partners.acme.org.00d400.live.siteforce.com' […] With the DNS record changed, partners visiting 'partners.acme.org' will be able to browse Acme's Salesforce site. The trouble begins when Acme decides to choose a new Community Site vendor," the researchers said.

Companies might switch out a Salesforce Experience Site for an alternative, just like they would with any other technology. Varonis Threat Labs stated, "Acme subsequently updates the DNS record of 'partners.acme.org' to link toward a new site that might function in their AWS environment." From the users' perspective, the Salesforce Site is no longer present and a new Community page is now accessible. The new page may not be running in the Salesforce environment or connected to Salesforce in any way, and no obvious integrations are visible.

However, the study found that a lot of businesses only modify DNS entries. “They do not remove the custom domain in Salesforce, nor do they deactivate the site. Instead, the site continues to exist, pulling data and becoming a ghost site,” a researcher said.

Attackers exploit these sites simply by changing the host header. This misleads Salesforce into believing that the site was accessed as https://partners.acme.org/, which makes the site accessible to the attackers.

Although these sites can also be accessed through their full internal URLs, an intruder would find it difficult to identify these URLs. However, locating ghost sites is significantly simpler with tools that index and archive DNS information, like SecurityTrails and comparable technologies.

What is the Solution?

Varonis Threat Labs advised that sites that are no longer in use should be properly deactivated. They also recommended tracking all Salesforce sites and their respective users' permissions, including both community and guest users. Moreover, the researchers created a guide on 'protecting your active Salesforce Communities against recon and data theft.'
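One way to carry out the tracking advice above, as an added example that is not code from Varonis or the original post: it compares the custom domains still registered in Salesforce with where DNS now points and flags likely ghost sites. The export format, the finding labels, the DNS records and every hostname other than the page's `partners.acme.org` example are constructed assumptions.

```python
# Assumption: suffix taken from the example hostname on this page; extend it
# with the Salesforce-hosted suffixes your org actually uses.
SALESFORCE_SUFFIXES = (".live.siteforce.com",)

# Constructed sample data. SITES stands in for an export of the custom domains
# and sites configured in the org; CNAMES stands in for live DNS lookups.
SITES = [
    {"domain": "partners.acme.org", "active": True},
    {"domain": "help.acme.org", "active": True},
    {"domain": "events.acme.org", "active": False},
    {"domain": "old.acme.org", "active": True},
]
CNAMES = {
    "partners.acme.org": "portal.example-aws-host.test",
    "help.acme.org": "support.acme.org",
    "support.acme.org": "help.acme.org.00d400.live.siteforce.com",
    "events.acme.org": "events.acme.org.00d400.live.siteforce.com",
}

def cname_chain(name, records, max_hops=8):
    """Follow CNAME records from name; stop on a loop or after max_hops."""
    chain, seen = [name.lower().rstrip(".")], set()
    while chain[-1] in records and chain[-1] not in seen and len(chain) <= max_hops:
        seen.add(chain[-1])
        chain.append(records[chain[-1]].lower().rstrip("."))
    return chain

def classify(entry, records):
    """Return a finding for one custom domain still registered in Salesforce."""
    chain = cname_chain(entry["domain"], records)
    routed = any(host.endswith(SALESFORCE_SUFFIXES) for host in chain)
    if entry["active"] and routed:
        return "in-use"
    if entry["active"]:
        # DNS was repointed or deleted, but the site and its custom domain were
        # left in place: the ghost-site condition described above.
        return "ghost-candidate"
    if routed:
        return "inactive-but-routed"  # DNS still sends visitors to a dead site
    return "remove-domain"  # deactivated; detach the leftover custom domain

def audit(sites, records):
    """Map each registered custom domain to its finding."""
    return {entry["domain"]: classify(entry, records) for entry in sites}

if __name__ == "__main__":
    for domain, finding in audit(SITES, CNAMES).items():
        print(f"{domain:20} {finding}")
```

Each `ghost-candidate` is a site to deactivate and a custom domain to remove in Salesforce, followed by a review of what its guest user can still read.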