Latest articles
Data Theft in Salesforce: Manipulating Public Links
Sep 16, 2024
Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data.
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
Feb 20, 2024
Varonis' threat researchers identified high- and critical-severity vulnerabilities in Apex, a programming language for customizing Salesforce instances.
Ghost Sites: Stealing Data From Deactivated Salesforce Communities
May 31, 2023
Varonis Threat Labs discovered improperly deactivated Salesforce 'ghost' Sites that are easily found, accessible, and exploitable by attackers.
Neo4jection: Secrets, Data, and Cloud Exploits
Feb 08, 2023
With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions with graph databases to attacking them ― we've noticed a gap between public conversations and our security researchers' knowledge of those systems.
Einstein's Wormhole: Capturing Outlook & Google Calendars via Salesforce Guest User Bug
Nov 02, 2021
If your organization uses Salesforce Communities and Einstein Activity Capture, you might have unknowingly exposed your administrator's Outlook or Google calendar events to the internet due to a bug called...
Abusing Misconfigured Salesforce Communities for Recon and Data Theft
Oct 21, 2021
Our research team has discovered numerous publicly accessible Salesforce Communities that are misconfigured and expose sensitive information.
Try Varonis free.
Deploys in minutes.