< ciso
brief />
Tag Banner

All news with #salesforce tag

86 articles · page 2 of 5

Palo Alto Networks Automates DORs with Agentic AI Design

🤖 Palo Alto Networks automated creation of its internal Document of Record (DOR) using an agent built with Google's open-source Agent Development Kit (ADK) and hosted on Vertex AI Agent Engine. The agent leverages Vertex AI RAG Engine, Vertex AI Discovery Search, Gemini models, and Cloud Storage to retrieve and synthesize grounded answers to a standardized set of 140+ questions. A FastAPI webserver on GKE orchestrates parallel processing, manages state, and publishes completed DORs back to Salesforce via Cloud Pub/Sub, reducing manual effort and improving consistency.
read more →

RCE Risks in AI Python Libraries via Config Instantiation

🔒 Three widely used open-source AI/ML Python libraries — NVIDIA NeMo, Salesforce uni2TS, and Apple ml-flextok — were found vulnerable to remote code execution when model metadata was treated as executable configuration. The root cause is unsafe use of configuration-driven instantiation (for example Hydra's instantiate()) that accepts attacker-controlled _target_ values. Vendors released patches and CVE notices; users should apply fixes, restrict allowed targets, and avoid loading models from untrusted sources.
read more →

Auditing Salesforce Aura: Detecting Data Exposure Risks

🔍 Mandiant introduces AuraInspector, an open-source CLI to detect access-control misconfigurations in Salesforce Aura implementations. The post explains common Aura endpoint methods attackers misuse, a GraphQL technique to bypass the 2,000-record retrieval limit, and how action bulking can enumerate records. It also outlines remediation steps and security best practices to restrict Guest and authenticated user privileges.
read more →

Rise of the Chief Trust Officer: Where CISOs Fit In

🔒 The Chief Trust Officer (CTrO) marks a shift from defending systems to safeguarding corporate credibility, responding to eroded customer confidence after breaches and AI concerns. Early adopters such as Atlassian, Salesforce and SAP and analyst research from Forrester show the role consolidates privacy, security, compliance and ethics. Unlike a traditional CISO, the CTrO focuses on reputation, transparency and customer trust while partnering with security teams to operationalize measurable signals of trust. Success depends on board visibility, leadership backing and demonstrable behavior change.
read more →

Amazon Connect adds AI agent assistance and summarization

🤖 Amazon Connect now offers real-time AI agent assistance and automated contact summarization for Salesforce Contact Center with Amazon Connect (SCC-AC). The capability surfaces customer CRM records and knowledge-base articles to AI agents across voice and chat and provides agents with live transcripts and contextual recommendations. Supervisors gain enhanced call monitoring inside Salesforce, and automated post-contact summaries help agents quickly update cases, reducing administrative burden. Administrators can deploy and configure the integrated solution in minutes; it is available in all AWS Regions where Amazon Connect operates.
read more →

Gainsight Expands Customer Impact After Salesforce Alert

🔒 Gainsight disclosed that suspicious activity affecting its Salesforce-connected applications has expanded beyond an initial three-customer list provided by Salesforce, with the company saying it presently knows of "only a handful" of customers whose data were affected. Salesforce revoked access and refreshed tokens for impacted Gainsight-published apps after detecting "unusual activity" claimed by the ShinyHunters group. Several vendors suspended integrations while investigations continue; Gainsight advised rotating credentials, resetting non‑SSO passwords, and reauthorizing connectors as preventive measures.
read more →

Gainsight Breach Impacts More Salesforce Customers

🔒Gainsight has confirmed the cyber‑attack tied to Salesforce affected more customers than initially reported, though the vendor says the number remains limited and affected customers were notified. As a precaution Gainsight temporarily disabled Salesforce read/write access for several products, including Customer Success (CS), Community (CC), Northpass (CE), Skilljar (SJ) and Staircase (ST). Other vendors such as Gong.io, Zendesk and HubSpot have also disabled their connectors. Gainsight engaged Mandiant for an independent forensic investigation and is advising customers to rotate credentials and S3 keys, reset NXT passwords where appropriate, re-authorize integrations, and follow proactive hardening guidance while the investigation continues.
read more →

AWS Secrets Manager Introduces Managed External Secrets

🔐 AWS Secrets Manager now supports managed external secrets, a new secret type that standardizes storage and enables automated rotation for third-party application credentials such as Salesforce, Snowflake, and BigID. The feature separates rotation metadata from secret values and integrates directly with providers to remove the need for custom rotation functions. It leverages existing IAM, CloudWatch, CloudTrail, GuardDuty, and KMS controls and follows standard Secrets Manager pricing with no additional charge.
read more →

OAuth Token Compromise Hits Salesforce Ecosystem Again

🔐 Salesforce disclosed unauthorized access tied to Gainsight-published apps using OAuth integrations, saying it revoked all active access and refresh tokens and temporarily removed those apps from the AppExchange while investigators continue their work. Gainsight confirmed the incident, has engaged Mandiant for forensics, and revoked related connector access across other marketplaces. Google Threat Intelligence linked the activity to actors associated with ShinyHunters, echoing prior token-abuse campaigns against Salesloft and Drift. The incident highlights supply-chain risks in SaaS OAuth integrations and reinforces urgent recommendations to audit and revoke suspicious tokens.
read more →

Gainsight Supply-Chain Hack Disrupts Salesforce Apps

⚠️ On November 20, customer support platform provider Gainsight reported connection failures after Salesforce revoked active access for the Gainsight SFDC Connector following detection of unusual activity. Salesforce temporarily removed all Gainsight-published apps from its AppExchange, citing potential unauthorized access via the app's external connection rather than a Salesforce platform vulnerability. Gainsight also disabled integrations with HubSpot and Zendesk, and engaged Mandiant to support forensic work. A criminal collective claiming affiliation with Lapsus$/Scattered Spider said it was responsible and threatened wider data leaks and a RaaS offering.
read more →

AWS Glue zero-ETL now supports CloudFormation & CDK

🚀 AWS Glue zero-ETL integrations now support AWS CloudFormation and the AWS Cloud Development Kit (CDK), enabling creation and management of zero-ETL integrations using infrastructure as code. This lets teams ingest data from DynamoDB and enterprise SaaS sources (Salesforce, ServiceNow, SAP, Zendesk) into Amazon Redshift, S3, and S3 Tables. CloudFormation and CDK support makes it easier to deploy, update, and version-control zero-ETL configurations consistently across multiple AWS accounts.
read more →

Salesforce Flags Unauthorized Access via Gainsight OAuth

🔒 Salesforce reported detected 'unusual activity' involving Gainsight-published applications that used OAuth connections to its platform and said the activity may have enabled unauthorized access to some customers' Salesforce data. The company revoked all active access and refresh tokens for affected apps and temporarily removed those listings from the AppExchange while it investigates. Gainsight also pulled its app from the HubSpot Marketplace as a precaution. Security analysts have linked the activity to the ShinyHunters (UNC6240) group and are urging customers to review and revoke suspicious third-party integrations.
read more →

Salesforce Probes Customer Data Theft via Gainsight Apps

🔒 Salesforce says it revoked active access and refresh tokens tied to Gainsight-published applications after detecting unusual activity that may have enabled unauthorized access to some customers' CRM data. The company says the issue stems from the app's external connection rather than a vulnerability in Salesforce itself and temporarily removed those apps from the AppExchange. Affected customers have been notified and can contact Salesforce Help for assistance.
read more →

AWS Secrets Manager: Managed External Secrets Launch

🔐 AWS Secrets Manager introduces managed external secrets, a default-enabled feature that automates rotation for third-party SaaS credentials using provider-supported rotation strategies. The service removes the need to build and maintain rotation Lambda functions by enforcing a vendor-prescribed secret format and offering multiple rotation approaches. An onboarding guide enables any SaaS provider to join as a partner and publish prescriptive rotation guidance. At launch, the feature lists Salesforce, BigID, and Snowflake, and is available in all Regions where Secrets Manager operates.
read more →

Pennsylvania: Hacker Claims 1.2M Donor Records Breach

🔐 A threat actor claims to have compromised University of Pennsylvania systems and exfiltrated data for roughly 1.2 million students, alumni, and donors, including names, dates of birth, contact details, estimated net worth, donation histories, and sensitive demographic data. The attacker said they gained access via a compromised PennKey SSO account and accessed VPN, Salesforce Marketing Cloud, Qlik, SAP, SharePoint, and Box. After access was revoked on October 31 the actor used Marketing Cloud to send offensive emails to about 700,000 recipients and published a 1.7-GB archive of files. Penn says it is investigating; donors should watch for targeted phishing and verify solicitations directly with the university.
read more →

Offensive 'We got hacked' emails sent from Penn addresses

📧 The University of Pennsylvania distributed a series of offensive emails to students and alumni claiming data was stolen in a breach and urging action. The messages, with the subject line "We got hacked (Action Required)", were sent from multiple Penn addresses, including the Graduate School of Education, via the connect.upenn.edu mailing-list platform hosted on Salesforce Marketing Cloud. Penn's Office of Information Security said the messages are fraudulent, its Incident Response team is investigating, and the university has placed a website banner advising recipients to disregard or delete the emails.
read more →

Dreamforce Highlights Salesforce Amid OAuth Security Storm

🛡️ At Dreamforce, Salesforce emphasized shared responsibility for securing customer environments and introduced new AI agents for security and privacy. The conference largely avoided discussion of recent OAuth-based supply-chain breaches that exposed data from hundreds of companies and led to extensive litigation. Analysts warn the incidents — driven by compromised tokens from third-party apps like Salesloft Drift and spoofed tools such as malicious Data Loader instances — underscore systemic risks as AI integrations demand broader data access. Recommended mitigations include IP whitelisting, DPoP or mTLS, and tighter vendor governance.
read more →

FBI and French Police Seize BreachForums Domain Again

🛡️ US and French authorities say they have seized at least one clearweb domain used by the cybercrime forum BreachForums, which has been acting as a leak site linked to recent Salesforce breaches. Screenshots of the site display logos for the FBI, DOJ, BL2C and JUNALCO, although the forum's .onion instance appears still accessible. Reports suggest breachforums[.]hn was disrupted while threat actors such as ShinyHunters claim backups and backend servers were compromised or destroyed. Experts warn the seizure may yield valuable historical data for investigations, but will not immediately stop ongoing extortion of victims.
read more →

Scattered Lapsus$ Hunters: Risks to Retail & Hospitality

🔒 Scattered Lapsus$ Hunters, with core actors such as Bling Libra, claim responsibility for large-scale theft of Salesforce customer data and launched a public data leak site in early October 2025. The group operates an extortion-as-a-service model, recruiting affiliates to send targeted executive extortion messages and taking revenue shares from payments. Recent activity included a Clearnet domain seizure by law enforcement and threatening deadlines for victim disclosures. Retail and hospitality organizations face heightened risks of identity theft, account takeover, returns and loyalty fraud; Unit 42 recommends secrets scanning, zero trust controls, least privilege and participation in industry ISACs.
read more →

FBI Seizes BreachForums Servers as Salesforce Deadline Nears

🔒 The FBI, US Department of Justice and French authorities seized the BreachForums domain and parts of its backend on Oct. 9, disrupting infrastructure tied to an alliance of threat actors including ShinyHunters, Scattered Spider and LAPSUS$. The action followed threats to publish alleged Salesforce customer data unless a ransom was paid by Oct. 10. Although the primary forum domain now displays a takedown notice, a separate leak site remains active and the extortion campaign appears to be continuing. Experts advise organizations to audit Salesforce configurations, enable OAuth app governance, and enforce token and session hygiene immediately.
read more →