Showing 6 results
-
Sep 16, 2024
Data Theft in Salesforce: Manipulating Public Links
Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data.
Nitay Bachrach
6 min read
-
Feb 20, 2024
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
Varonis' threat researchers identified high- and critical-severity vulnerabilities in Apex, a programming language for customizing Salesforce instances.
Nitay Bachrach
7 min read
-
May 31, 2023
Ghost Sites: Stealing Data From Deactivated Salesforce Communities
Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.
Nitay Bachrach
2 min read
-
Feb 08, 2023
Neo4jection: Secrets, Data, and Cloud Exploits
With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.
Nitay Bachrach
15 min read
-
Nov 02, 2021
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...
Nitay Bachrach
3 min read
-
Oct 21, 2021
Abusing Misconfigured Salesforce Communities for Recon and Data Theft
Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
Nitay Bachrach
10 min read