Cybersecurity researchers have uncovered over 20 configuration-related risks affecting Salesforce Industry Cloud (aka Salesforce Industries), exposing sensitive data to unauthorized internal and external parties. The weaknesses affect various components like FlexCards, Data Mappers, Integration Procedures (IProcs), Data Packs, OmniOut, and OmniScript Saved Sessions. “Low-code platforms such as
The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services (AWS) infrastructure to deliver a malware family called More_eggs. “By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group builds rapport with recruiters before deliveringRead More »FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware
A new executive order from the Trump Administration rewrites cybersecurity policy, and security leaders are sharing their thoughts.
Cybersecurity researchers have shed light on a previously undocumented Rust-based information stealer called Myth Stealer that’s being propagated via fraudulent gaming websites. “Upon execution, the malware displays a fake window to appear legitimate while simultaneously decrypting and executing malicious code in the background,” Trellix security researchers Niranjan Hegde, Vasantha Lakshmanan
The Texas Department of Transportation has disclosed a data breach impacting the personal information included in 300,000 crash reports. The post Hackers Stole 300,000 Crash Reports From Texas Department of Transportation appeared first on SecurityWeek.
Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation. The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek.
Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions. The post Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud appeared first on SecurityWeek.
Research reveals 6 widely used Google Chrome extensions unintentionally transmit user data over simple HTTP.
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges. The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek.
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — haveRead More »The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
