Featured content

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Modern technology relies heavily on the cloud, and as companies migrate to SaaS, they increasingly use advanced features and tools like generative AI.

A series of vulnerabilities in CUPS were recently disclosed by Simone Margaritelli, who is known as “evilsocket” on X (Twitter). OpenPrinting CUPS (Common UNIX Printing System) is an open-source printing software that is often included by default in various Linux distributions.

This month, Varonis released new updates to help organizations remediate permissions risks, streamline security operations, and improve security posture.

While security pros are already familiar with terms like data breaches, exploits, and misconfigurations, these phrases are also becoming known to organizations and non-tech leaders as cybersecurity becomes an essential part of business operations.

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Today, we’re excited to announce new Salesforce remediation features that help organizations proactively find and revoke high-risk user permissions.

Varonis Threat Labs uncovered a vulnerability in Salesforce's public link feature that threat actors could exploit to retrieve sensitive data. By manipulating the API calls sent to the undocumented Salesforce Aura API — combined with SOQL subqueries — hackers could commit a blind SOQL injection attack to retrieve customer information, including PII. Varonis Threat Labs informed Salesforce of the vulnerability January 4, 2024. In February 2024, Salesforce patched the vulnerability for blind SOQL injection. Given the severity and the potential of this exploit to expose and leak sensitive information, Varonis researchers intentionally waited to release their findings. The vulnerability we identified applied to virtually any public link generated by Salesforce, making the potential impact widely detrimental. Because of the ubiquitous nature of public sharing links, most — if not all — Salesforce environments would likely have been vulnerable to some level of exposure, which could lead to data theft or leakage. Varonis recommends that organizations revisit the Salesforce Permission Sets granted to users to limit the creation of public links, remediate them where feasible, and monitor access activity. In this blog, we’ll explain how Salesforce public links work, how we discovered this vulnerability, and how attackers could exploit it to retrieve sensitive data.

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

All industries rely on data, and this data is increasingly stored in dynamic cloud environments. For organizations handling sensitive data in the cloud, data security posture management (DSPM) is essential for ensuring security and compliance.

Organizations worldwide use Salesforce Sites to provide information and services to partners and customers. However, when configuring these sites, something as simple as a missed checkbox can expose sensitive and regulated data to unauthenticated, anonymous guest users — effectively exposing the information publicly.