
Nitay Bachrach
Nitay is a security researcher based in Tel Aviv, but you might encounter him anywhere in the world. He is a cloud security expert, highly experienced in offensive security operations and reverse engineering. Nitay's expertise also includes IoT devices, Linux, and local network security.
-
Threat Research
Sep 16, 2024
Data Theft in Salesforce: Manipulating Public Links
Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data. By manipulating the API calls sent to the undocumented Salesforce Aura API — combined with SOQL subqueries — hackers could commit a blind SOQL injection attack to retrieve customer information, including PII. Varonis Threat Labs informed Salesforce of the vulnerability January 4, 2024. In February 2024, Salesforce patched the vulnerability for blind SOQL injection. Given the severity and the potential of this exploit to expose and leak sensitive information, Varonis researchers intentionally waited to release their findings. The vulnerability we identified applied to virtually any public link generated by Salesforce, making the potential impact widely detrimental. Because of the ubiquitous nature of public sharing links, most — if not all — Salesforce environments would likely have been vulnerable to some level of exposure, which could lead to data theft or leakage. Varonis recommends that organizations revisit the Salesforce Permission Sets granted to users to limit the creation of public links, remediate them where feasible, and monitor access activity. In this blog, we’ll explain how Salesforce public links work, how we discovered this vulnerability, and how attackers could exploit it to retrieve sensitive data.
Nitay Bachrach
6 min read
-
Threat Research
Feb 20, 2024
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
Varonis Threat Labs identified high- and critical-severity vulnerabilities and misconfigurations in Apex, the Java-like programming language commonly used to customize Salesforce instances.
Nitay Bachrach
7 min read
-
Threat Research
May 31, 2023
Ghost Sites: Stealing Data From Deactivated Salesforce Communities
Varonis Threat Labs discovered that improperly deactivated and unmaintained Salesforce "ghost sites" remain accessible and vulnerable to risk. By manipulating the host header, threat actors can gain access to sensitive PII and business data.
Nitay Bachrach
2 min read
-
Threat Research
Feb 08, 2023
Neo4jection: Secrets, Data, and Cloud Exploits
Little Bobby Tables has grown up, and now he's playing with graphs
Nitay Bachrach
15 min read
-
Threat Research
Nov 02, 2021
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called Einstein's Wormhole discovered by the Varonis research team.
Nitay Bachrach
3 min read
-
Data Security, Threat Research
Oct 21, 2021
Abusing Misconfigured Salesforce Communities for Recon and Data Theft
Originally posted August 10, 2021. Executive Summary: A misconfigured Salesforce Community may lead to sensitive Salesforce data being exposed to anyone on the internet. Anonymous users can query objects that contain sensitive information such as customer lists, support cases, and employee email addresses.
Nitay Bachrach
10 min read